arXiv:1505.03791v1 [cs.LO] 14 May 2015


On the Relative Usefulness of Fireballs 


Beniamino Accattoli 

INRIA & LIX/Ecole Polytechnique 


Claudio Sacerdoti Coen 
University of Bologna 


Abstract—In CSL-LICS 2014, Accattoli and Dal Lago [1]
showed that there is an implementation of the ordinary (i.e.
strong, pure, call-by-name) λ-calculus into models like RAM
machines which is polynomial in the number of β-steps, answering
a long-standing question. The key ingredient was the use of a
calculus with useful sharing, a new notion whose complexity
was shown to be polynomial, but whose implementation was
not explored. This paper, meant to be complementary, studies
useful sharing in a call-by-value scenario and from a practical
point of view. We introduce the Fireball Calculus, a natural
extension of call-by-value to open terms, that is an intermediary
step towards the strong case, and we present three results.
First, we adapt and refine useful sharing, refining the
meta-theory. Then, we introduce the GLAMoUr, a simple abstract
machine implementing the Fireball Calculus extended with useful
sharing. Its key feature is that usefulness of a step is tested—
surprisingly—in constant time. Third, we provide a further
optimisation that leads to an implementation having only a linear
overhead with respect to the number of β-steps.

I. Introduction 

The λ-calculus is an interesting computational model because
it is machine-independent, simple to define, and it compactly
models functional and higher-order logic programming
languages. Its definition has only one rule, the β rule, and no
data structures. The catch is the fact that the β-rule—which
by itself is Turing-complete—is not an atomic rule. Its action,
namely $(\lambda x.t)u \to_\beta t\{x{\leftarrow}u\}$, can make many copies of an
arbitrarily big sub-program $u$. In other computational models
like Turing or RAM machines, an atomic operation can only
move the head on the ribbon or access a register. Is β atomic in
that sense? Can one count the number of β-steps to the result
and then claim that it is a reasonable bound on the complexity
of the term? Intuition says no, because β can be nasty, and
make the program grow at an exponential rate. This is the size
explosion problem.

Useful Sharing: nonetheless, it is possible to take the
number of β-steps as an invariant cost model, i.e. as a
complexity measure polynomially related to RAM or Turing
machines. While this was known for some notable sub-calculi
El-®, the first proof for the general case is a recent result
by Accattoli and Dal Lago [1]. Similarly to the literature, they
circumvent size explosion by factoring the problem via an
intermediary model in between λ-calculus and machines. Their
model is the linear substitution calculus (LSC) HI, Q, that
is a simple λ-calculus with sharing annotations (also known
as explicit substitutions) where the substitution process is
decomposed in micro steps, replacing one occurrence at a time.
In contrast with the literature, the general case is affected by
a stronger form of size explosion, requiring an additional and
sophisticated layer of sharing, called useful sharing. Roughly,
a micro substitution step is useful if it contributes somehow
to the creation of a β-redex, and useless otherwise. Useful
reduction then selects only useful substitution steps, avoiding
the useless ones. In [1], the Useful LSC is shown to be
polynomially related to both λ-calculus (in a quadratic way)
and RAM machines (with polynomial overhead, conjectured
linear). It therefore follows that there is a polynomial
relationship λ → RAM. Pictorially:

[Diagram: λ → RAM, factored through the Useful LSC; surviving label: (linear?)]


Coming back to our questions, the answer of [1] is yes,
β is atomic, up to a polynomial overhead. It is natural to
wonder how big this overhead is. Is β reasonably atomic? Or
is the degree of the polynomial big and does the invariance
result only have a theoretical value? In particular, in m the
definition of useful steps relies on a separate and global
test for usefulness, that despite being tractable might not be
feasible in practice. Is there an efficient way to implement
the Useful LSC? Does useful sharing—i.e. the avoidance of
useless duplications—bring a costly overhead? This paper
answers these questions. But, in order to stress the practical
value of the study, it shifts to a slightly different setting.

The Fireball Calculus: we recast the problem in terms
of the new fireball calculus (FBC), essentially the weak
call-by-value λ-calculus generalised to handle open terms. It is an
intermediary step towards a strong call-by-value λ-calculus,
that can be seen as iterated open weak evaluation. A similar
approach to strong evaluation is followed also by Gregoire
and Leroy in Js). It avoids some of the complications of the
strong case, and at the same time exposes all the subtleties of
dealing with open terms.

Free variables are actually formalised using a distinguished
syntactic class, that of symbols, noted $a, b, c$. This approach is
technically convenient because it allows restricting to closed
terms, so that any variable occurrence $x$ is bound somewhere,
while still having a representation of free variables (as
symbols).

The basic idea is that—in the presence of symbols—
restricting β-redexes to fire only in presence of values is
problematic. Consider indeed the following term:

$t := ((\lambda x.\lambda y.u)(aa))w$

where $w$ is normal. For the usual call-by-value operational
semantics $t$ is normal (because $aa$ is not a value) while for
theoretical reasons (see Ei-ma) one would like to be able
to fire the blocked redex, reducing to $(\lambda y.u\{x{\leftarrow}aa\})w$, so
that a new redex is created and the computation can continue.
According to the standard classification of redex creations due
to Levy [12], this is a creation of type 1¹.

The solution we propose here is to relax the constraint
about values, allowing β-redexes to fire whenever the argument
is a more general structure, a so-called fireball, defined
recursively by extending values with inerts, i.e. applications
of symbols to fireballs. In particular, $aa$ is inert, so that e.g.
$t \to_f (\lambda y.u\{x{\leftarrow}aa\})w$, as desired.

Functional programming languages are usually modelled by
weak and closed calculi, so it is natural to wonder about the
practical relevance of the FBC. Applications are along two
axes. On the one hand, the evaluation mechanism at work in
proof assistants has to deal with open terms for comparison
and unification. For instance, Gregoire and Leroy’s fSl, meant
to improve the implementation of Coq, relies on inerts (therein
called accumulators). On the other hand, symbols may also be
interpreted as constructors, meant to represent data as lists or
trees. The dynamics of fireballs is in fact consistent with the
way constructors are handled by Standard ML and in
several formalisations of core ML, as in IITtII. In this paper
we omit destructors, whose dynamics is orthogonal to the one
of β-reduction, and we expect all results presented here to
carry over with minor changes to a calculus with destructors.
Therefore firing redexes involving inerts is also justified from
a practical perspective.

The Relative Usefulness of Fireballs: as we explained, the
generalisation of values to fireballs is motivated by creations
of type 1 induced by the firing of inerts. There is a subtlety,
however. While substituting a value can create a new redex
(e.g. as in $(\lambda x.(xI))I \to (xI)\{x{\leftarrow}I\} = II$, where $I$ is the
identity—these are called creations of type 3), substituting an
inert cannot. Said differently, duplicating inerts is useless,
and leads to size explosion. Note the tension between different
needs: redexes involving inerts have to be fired (for creations
of type 1), and yet the duplication and the substitution of inerts
should be avoided (since they do not give rise to creations of
type 3). We solve the tension by turning to sharing, and use
the simplicity of the framework to explore the implementation
of useful sharing. Both values and inerts (i.e. fireballs) in
argument position will trigger reduction, and both will be
shared after the redex is reduced, but only the substitution of
values might be useful, because inerts are always useless. This
is what we call the relative usefulness of fireballs. It is also
why—in contrast to Gregoire and Leroy—we do not identify
fireballs and values.

¹ The reader unfamiliar with redex creations should not worry. Creations are
a key concept in the study of usefulness—which is why we mention them—
but for the present discussion it is enough to know that there exist two kinds
of creations (type 1 and the forthcoming type 3; other types will not play a
role). No expertise on creations is required.


The Result: our main result is an implementation of FBC
relying on useful sharing and such that it has only a linear
overhead with respect to the number of β-steps. To be precise,
the overhead is bilinear, i.e. linear in the number of β-steps
and in the size of the initial term (roughly the size of the
input). The dependency on the size of the initial term is
induced by the action of β on whole subterms, rather than
on atomic pieces of data as in RAM or Turing machines.
Therefore, β is not exactly as atomic as accessing a register
or moving the head of a Turing machine, and this is the
price one must pay for embracing higher-order computations.
Bilinearity, however, guarantees that such a price is mild
and that the number of β-steps—i.e. of function calls in a
functional program—is a faithful measure of the complexity of
a program. To sum up, our answer is yes, β is also reasonably
atomic.

A Recipe for Bilinearity, with Three Ingredients: our
proof technique is a tour de force progressively combining
together and adapting to the FBC three recent works involving
the LSC, namely the already cited invariance of useful sharing
of Q, the tight relationship with abstract machines developed
by Accattoli, Barenbaum, and Mazza in ITSl, and the optimisation
of the substitution process studied by the present authors
in Ga. The next section will give an overview of these works
and of how they are here combined, stressing how the proof is
more than a simple stratification of techniques. In particular, it
was far from evident that the orthogonal solutions introduced
by these works could be successfully combined together.

This Paper: the paper is meant to be self-contained, and
mostly follows a didactic style. For the first half we warm up
by discussing design choices, the difficulty of the problem,
and the abstract architecture. The second half focuses on the
results. We also suggest reading the introductions of 12, na,
d, as they provide intuitions about concepts that here are
only hinted at. Although not essential, they will certainly
soften the reading of this work. Omitted proofs are in the
appendix and related work is discussed in Sect. III.

II. A Recipe with Three Ingredients

This section gives a sketch of how the bilinear implementation
is built by mixing together tools from three different
studies on the LSC.

1) Useful Fireballs: we start by introducing the Useful
Fireball Calculus (Useful FBC), akin to the Useful LSC, and
provide the proof that the relationship FBC → Useful FBC,
analogously to the arrow λ → Useful LSC, has a quadratic
overhead. Essentially, this step provides us with the following
diagram:

[Diagram: FBC → RAM, factored through the Useful FBC]

We go beyond simply adapting the study of 12, as the use of
evaluation contexts (typical of call-by-value scenarios) leads
to the new notion of useful evaluation context, that simplifies
the technical study of useful sharing. Another key point is the
relative usefulness of fireballs, according to their nature: only
values are properly subject to the useful discipline, i.e. are
duplicated only when they contribute somehow to β-redexes,
while inerts are never duplicated.

2) Distilling Useful Fireballs: actually, we do not follow
[1] for the study of the arrow Useful FBC → RAM. We rather
refine the whole picture, by introducing a further intermediary
model, an abstract machine, mediating between the Useful
FBC and RAM. We adopt the distillation technique of ca,
that establishes a fine-grained and modular view of abstract
machines as strategies in the LSC up to a notion of structural
equivalence on terms. The general pattern arising from ifTSll is
that for call-by-name/value/need weak and closed calculi the
abstract machine adds only a bilinear overhead with respect
to the shared evaluation within the LSC:

[Diagram: λ-Calculus → RAM, factored through LSC → Abstract Machine; surviving label: bilinear]

Such distilleries owe their name to the fact that the LSC 
retains only part of the dynamics of a machine. Roughly, it 
isolates the relevant part of the computation, distilling it away 
from the search for the next redex implemented by abstract 
machines. The search for the redex is mapped to a notion of 
structural equivalence, a particular trait of the LSC, whose 
key property is that it can be postponed. Additionally, the 
transitions implementing the search for the next redex are 
proved to be bilinear in those simulated by the LSC: the LSC 
then turns out to be a complexity-preserving abstraction of 
abstract machines. 

The second ingredient for the recipe is then a new abstract
machine, called GLAMoUr, that we prove implements the
Useful FBC within a bilinear overhead. Moreover, the GLAMoUr
itself can be implemented within a bilinear overhead.
Therefore, we obtain the following diagram:

[Diagram: FBC → RAM, factored through Useful FBC → GLAMoUr AM; surviving label: quadratic]

This is the most interesting and original step of our study. First,
it shows that distilleries are compatible with open terms and
useful sharing. Second, while in ifTSl distilleries were mainly
used to revisit machines in the literature, here the distillation
principles are used to guide the design of a new abstract
machine. Third, useful sharing is handled via a refinement
of an ordinary abstract machine relying on a basic form of
labelling. The most surprising fact is that such a labelling
(together with invariants induced by the call-by-value scenario)
allows a straightforward and very efficient implementation
of useful sharing. While the calculus is based on separate
and global tests for the usefulness of a substitution step,
the labelling allows the machine to do on-the-fly and local
tests, requiring only constant time (!). It then turns out that
implementing usefulness is much easier than analysing it.
Summing up, useful sharing is easy to implement and thus a
remarkable case of a theoretically born concept with relevant
practical consequences.

3) Unchaining Substitutions: at this point, it is natural to
wonder if the bottleneck given by the side of the diagram FBC
→ Useful FBC, due to the overhead of the decomposition of
substitutions, can be removed. The bound on the overhead is
in fact tight, and yet the answer is yes, if one refines the actors
of the play. Our previous work m, showed that (in ordinary
weak and closed settings) the quadratic overhead is due to
malicious chains of renamings, i.e. of substitutions of variables
for variables, and that the substitution overhead reduces to
linear if the evaluation is modified so that variables are never
substituted, i.e. if values do not include variables.

For the fireball calculus the question is tricky. First of all
a disclaimer: with variables we refer to occurrences of bound
variables and not to symbols/free variables. Now, our initial
definition of the calculus will exclude variables from fireballs,
but useful sharing will force us to somehow reintroduce them.
Our way out is an optimised form of substitution that unchains
renaming chains, and whose overhead is proved linear by
a simple amortised analysis. Such a third ingredient is first
mixed with both the Useful FBC and the GLAMoUr, obtaining
the Unchaining FBC and the Unchaining GLAMoUr, and then
used to prove our main result, an implementation FBC →
RAM having an overhead linear in the number of β-steps and
in the size of the initial term:

[Diagram: FBC → RAM, factored through Unchaining FBC → Unchaining GLAMoUr; surviving labels: linear, bilinear, bilinear]

In this step, the original content is that the unchaining 
optimisation—while inspired by flhl —is subtler to define than 
in na, as bound variables cannot be simply removed from 
the definition of fireballs, because of usefulness. Moreover, 
we also show how such an optimisation can be implemented 
at the machine level. 

The next section discusses related work. Then there will be a 
long preliminary part providing basic definitions, an abstract 
decomposition of the implementation, and a quick study of 
both a calculus, the Explicit FBC, and a machine, the GLAM, 
without useful sharing. Both the calculus and the machine will 
not have any good asymptotical property, but they will be 
simple enough to familiarise the reader with the framework 
and with the many involved notions. 

III. Related Work 

In the literature, invariance results for the weak call-by-value
λ-calculus have been proved three times, independently.
First, by Blelloch and Greiner fJl, while studying cost models
for parallel evaluation. Then by Sands, Gustavsson and Moran
El, while studying speedups for functional languages, and
finally by Dal Lago and Martini m, who addressed the
invariance thesis for λ-calculus. Among them, El is the closest
one, as it also provides an abstract machine and bounds its
overhead. These works however concern closed terms, and so
they deal with a much simpler case. Other simple call-by-name
cases are studied in Q and [6]. The difficult case of
the strong λ-calculus has been studied in m, which is also the
only reference for useful sharing.

The LSC is a variation over a λ-calculus with ES by Robin
Milner iflTl, ifTSll, obtained by plugging in some of the ideas
of the structural λ-calculus by Accattoli and Kesner m,
introduced as a syntactic reformulation of linear logic proof
nets. The LSC is similar to calculi studied by De Bruijn [20]
and Nederpelt l2TI. Its first appearances in the literature are
in la, ED, but its inception is actually due to Accattoli and
Kesner.

Many abstract machines can be rephrased as strategies in
λ-calculi with explicit substitutions (ES), see at least [23]–[28].

The related work that is by far closer to ours is the already
cited study by Gregoire and Leroy of an abstract machine for
call-by-value weak and open reduction in IS). We developed
our setting independently, and yet the FBC is remarkably close
to their calculus, in particular our inerts are essentially their
accumulators. The difference is that our work is
complexity-oriented while theirs is implementation-oriented. On the one
hand they do not recognise the relative usefulness of fireballs,
and so their machine is not invariant, i.e. our machine is more
efficient and on some terms even exponentially faster. On the
other hand, they extend the language up to the calculus of
constructions, present a compilation to bytecode, and certify
in Coq the correctness of the implementation.

The abstract machines in this paper use global environments,
an approach followed only by a minority of authors
(e.g. 13, ifTSll, [29], Uni) and essentially identifying the
environment with a store.

The distillation technique was developed to better understand
the relationship between the KAM and weak linear head
reduction pointed out by Danos & Regnier ISTl. The idea
of distinguishing between operational content and search for
the redex in an abstract machine is not new, as it underlies
in particular the refocusing semantics of Danvy and Nielsen
fy2\. Distilleries however bring an original refinement where
logic, rewriting, and complexity enlighten the picture, leading
to formal bounds on machine overheads.

Our unchaining optimisation is a lazy variant of an optimisation
that repeatedly appeared in the literature on abstract
machines, often with reference to space consumption and
space leaks, for instance in lH as well as in Wand’s [33]
(section 2), Friedman et al.’s [34] (section 4), and Sestoft’s
llTSl (section 4).

IV. The Fireball Calculus

The setting is the one of the call-by-value λ-calculus extended
with symbols $a, b, c$, meant to denote free variables (or
constructors). The syntax is:

Terms   $t, u, w, r ::= x \mid a \mid \lambda x.t \mid tu$
Values  $v, v' ::= \lambda x.t$

with the usual notions of free and bound variables,
capture-avoiding substitution $t\{x{\leftarrow}u\}$, and closed (i.e. without free
variables) term. We will often restrict to consider closed
terms, the idea being that an open term as $x(\lambda y.zy)$ is rather
represented as the closed term $a(\lambda y.by)$.

The ordinary (i.e. without symbols) call-by-value λ-calculus
has a nice operational characterisation of values:

closed normal forms are values

Now, the introduction of symbols breaks this property,
because there are closed normal forms as $a(\lambda x.x)$ that are not
values. In order to restore the situation, we generalise values
to fireballs², that are either values $v$ or inerts $A$, i.e. symbols
possibly applied to fireballs. Associating to the left, fireballs
and inerts are compactly defined by

Fireballs  $f, g, h ::= v \mid A$

Inerts     $A, B, C ::= a f_1 \ldots f_n \qquad n \geq 0$

For instance, $\lambda x.y$ and $a$ are fireballs, as well as $a(\lambda x.x)$,
$ab$, and $(a(\lambda x.x))(bc)(\lambda y.(zy))$. Fireballs can also be defined
more atomically by mixing values and inerts as follows:

$f ::= v \mid A \qquad A ::= a \mid Af$

Note that $AB$ and $AA$ are always inerts.

Next, we generalise the call-by-value rule $(\lambda x.t)v \to
t\{x{\leftarrow}v\}$ to substitute fireballs $f$ rather than values $v$. First
of all, we define a notion of evaluation context (noted $F$
rather than $E$, reserved to forthcoming global environments),
mimicking right-to-left CBV evaluation:

Evaluation Contexts  $F ::= \langle\cdot\rangle \mid tF \mid Ff$

Note the case $Ff$, that in CBV would be $Fv$. Last, we define
the f (fireball) rule $\to_f$ as follows:

Rule at Top Level:   $(\lambda x.t)f \mapsto_f t\{x{\leftarrow}f\}$
Contextual closure:  $F\langle t\rangle \to_f F\langle u\rangle$ if $t \mapsto_f u$

Our definitions lead to:

Theorem 1.

1) Closed normal forms are fireballs.

2) $\to_f$ is deterministic.

In the introduction we motivated the notion of fireball both
from theoretical and practical points of view. Theorem 1
provides a further, strong justification: it expresses a sort
of internal harmony of the FBC, allowing to see it as the
canonical completion of call-by-value to the open setting.

V. Size Explosion 

Size Explosion is the side effect of a discrepancy between
the dynamics and the representation of terms. The usual
substitution $t\{x{\leftarrow}u\}$ makes copies of $u$ for all the occurrences
of $x$, even if $u$ is useless, i.e. it is normal and it does not create
redexes after substitution. These copies are the burden leading
to the exponential growth of the size. To illustrate the problem,
let’s build a size exploding family of terms.

² About fireball, the first choice was fire-able, but then the spell checker
suggested fireball.
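Table I

Syntax, Rewriting Rules, and Structural Equivalence of the Explicit FBC

$t, u, w, r ::= x \mid a \mid \lambda x.t \mid tu \mid t[x{\leftarrow}u]$
$v, v' ::= \lambda x.t$
$L, L' ::= \langle\cdot\rangle \mid L[x{\leftarrow}t]$
$A, B, C ::= a \mid L\langle A\rangle L\langle f\rangle$
$f, g, h ::= v \mid A$
$F ::= \langle\cdot\rangle \mid tF \mid FL\langle f\rangle \mid F[x{\leftarrow}t]$

Rule at Top Level:
$L\langle\lambda x.t\rangle L'\langle f\rangle \mapsto_m L\langle t[x{\leftarrow}L'\langle f\rangle]\rangle$
$F\langle x\rangle[x{\leftarrow}L\langle f\rangle] \mapsto_e L\langle F\langle f\rangle[x{\leftarrow}f]\rangle$

Contextual Closure:
$F\langle t\rangle \multimap_m F\langle u\rangle$ if $t \mapsto_m u$
$F\langle t\rangle \multimap_e F\langle u\rangle$ if $t \mapsto_e u$

$t[x{\leftarrow}u][y{\leftarrow}w] \equiv_{com} t[y{\leftarrow}w][x{\leftarrow}u]$   if $y \notin \mathtt{fv}(u)$ and $x \notin \mathtt{fv}(w)$
$(tw)[x{\leftarrow}u] \equiv_{@r} t\,w[x{\leftarrow}u]$   if $x \notin \mathtt{fv}(t)$
$(tw)[x{\leftarrow}u] \equiv_{@l} t[x{\leftarrow}u]\,w$   if $x \notin \mathtt{fv}(w)$
$t[x{\leftarrow}u][y{\leftarrow}w]$   if $y \notin \mathtt{fv}(t)$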

Note that an inert $A$, when applied to itself, still is an inert
$AA$. In particular, it still is a fireball, and so it can be used
as an argument for redexes. We can then easily build a term
of size linear in $n$ that in $n$ steps evaluates to a complete binary
tree $A^{2^n}$. Namely, define the family of terms $t_n$ for $n \geq 1$:

$t_1 := \lambda x_1.(x_1 x_1)$

$t_{n+1} := \lambda x_{n+1}.(t_n(x_{n+1}x_{n+1}))$

Now consider $t_nA$, that for a fixed $A$ has size linear in $n$.
The next proposition shows that $t_nA$ reduces in $n$ steps to
$A^{2^n}$, causing size-explosion.

Proposition 1 (Size Explosion in the FBC). $t_nA \to_f^n A^{2^n}$.

Proof: by induction on $n$. Let $B := A^2 = AA$. Cases:

$t_1A = (\lambda x_1.(x_1x_1))A \to_f A^2$

$t_{n+1}A = (\lambda x_{n+1}.(t_n(x_{n+1}x_{n+1})))A \to_f t_nA^2 = t_nB \to_f^n$ (i.h.) $B^{2^n} = A^{2^{n+1}}$.
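
Proposition 1 can be checked mechanically. The Python sketch below is an added example, not code from the paper: it implements the fireball rule with right-to-left evaluation contexts on closed terms, measures the family $t_nA$, and replays the blocked redex from the introduction under plain call-by-value. The tuple encoding of terms and the names `step`, `evaluate`, `t_family` and `explosion` are assumptions of the example.

```python
# Added example (not from the paper): fireball-calculus evaluator on closed terms.
# Term encoding (an assumption of this sketch):
#   ('var', x) | ('sym', a) | ('lam', x, body) | ('app', t, u)

def var(x): return ('var', x)
def sym(a): return ('sym', a)
def lam(x, body): return ('lam', x, body)
def app(t, u): return ('app', t, u)

def is_value(t):
    return t[0] == 'lam'

def is_inert(t):
    # A ::= a | A f
    if t[0] == 'sym':
        return True
    return t[0] == 'app' and is_inert(t[1]) and is_fireball(t[2])

def is_fireball(t):
    # f ::= v | A
    return is_value(t) or is_inert(t)

def subst(t, x, f):
    """t{x<-f}. Assumes f is closed (true for weak evaluation of closed
    terms), so no variable capture is possible."""
    tag = t[0]
    if tag == 'var':
        return f if t[1] == x else t
    if tag == 'sym':
        return t
    if tag == 'lam':
        return t if t[1] == x else lam(t[1], subst(t[2], x, f))
    return app(subst(t[1], x, f), subst(t[2], x, f))

def step(t, fires=is_fireball):
    """One right-to-left step, contexts F ::= <.> | tF | Ff.
    Returns the reduct, or None when t is normal. With fires=is_value this
    is the usual call-by-value rule (contexts Fv)."""
    if t[0] != 'app':
        return None                       # weak: never reduce under a lambda
    fun, arg = t[1], t[2]
    reduct = step(arg, fires)             # context tF: argument first
    if reduct is not None:
        return app(fun, reduct)
    if not fires(arg):
        return None                       # normal argument that may not fire
    if fun[0] == 'lam':                   # root redex (lam x.t) f
        return subst(fun[2], fun[1], arg)
    reduct = step(fun, fires)             # context Ff
    return None if reduct is None else app(reduct, arg)

def evaluate(t, fires=is_fireball, limit=10_000):
    """Iterate step; return (normal form, number of steps)."""
    steps = 0
    while steps <= limit:
        reduct = step(t, fires)
        if reduct is None:
            return t, steps
        t, steps = reduct, steps + 1
    raise RuntimeError('step limit exceeded')

def size(t):
    """Number of constructors of the term, counted without sharing."""
    if t[0] in ('var', 'sym'):
        return 1
    if t[0] == 'lam':
        return 1 + size(t[2])
    return 1 + size(t[1]) + size(t[2])

def t_family(n):
    """t_1 = lam x1.(x1 x1), t_{k+1} = lam x_{k+1}.(t_k (x_{k+1} x_{k+1}))."""
    t = lam('x1', app(var('x1'), var('x1')))
    for k in range(2, n + 1):
        x = f'x{k}'
        t = lam(x, app(t, app(var(x), var(x))))
    return t

def explosion(n, inert=sym('a')):
    """(size of t_n A, number of steps, size of the normal form)."""
    start = app(t_family(n), inert)
    final, steps = evaluate(start)
    return size(start), steps, size(final)

if __name__ == '__main__':
    for n in range(1, 11):
        print(n, explosion(n))            # linear input, n steps, 2^(n+1)-1 output
    # The blocked redex ((lam x.lam y.u)(aa))w with u = y x and w = lam z.z
    blocked = app(app(lam('x', lam('y', app(var('y'), var('x')))),
                      app(sym('a'), sym('a'))), lam('z', var('z')))
    print('CBV steps:', evaluate(blocked, fires=is_value)[1])
    print('FBC steps:', evaluate(blocked)[1])
```

The input size grows by a constant per index while the normal form doubles, and the step count stays equal to $n$, which is why counting steps alone says nothing about the cost of writing down the result.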

VI. Fireballs and Explicit Substitutions 

In an ordinary weak scenario, sharing of subterms prevents
size explosion. In the FBC however this is no longer true, as
we show in this section. Sharing of subterms is here represented
in a variation over the Linear Substitution Calculus,
a formalism with explicit substitutions coming from a linear
logic interpretation of the λ-calculus. At the dynamic level,
the small-step operational semantics of the FBC is refined
into a micro-step one, where explicit substitutions replace one
variable occurrence at a time, similarly to abstract machines.

The language of the Explicit Fireball Calculus (Explicit
FBC) is:

$t, u, w, r ::= x \mid a \mid \lambda x.t \mid tu \mid t[x{\leftarrow}u]$

where $t[x{\leftarrow}u]$ is the explicit substitution (ES) of $u$ for $x$ in $t$,
that is an alternative notation for let $x = u$ in $t$, and where $x$
becomes bound (in $t$). We silently work modulo α-equivalence
of these bound variables, e.g. $(xy)[y{\leftarrow}t]\{x{\leftarrow}y\} = (yz)[z{\leftarrow}t]$.
We use $\mathtt{fv}(t)$ for the set of free variables of $t$.

Contexts: the dynamics of explicit substitutions is defined
using (one-hole) contexts. Weak contexts subsume all the kinds
of context in the paper, and are defined by

$W, W' ::= \langle\cdot\rangle \mid tW \mid Wt \mid W[x{\leftarrow}t] \mid t[x{\leftarrow}W]$

The plugging $W\langle t\rangle$ of a term $t$ into a context $W$ is defined
as $\langle\cdot\rangle\langle t\rangle := t$, $(\lambda x.W)\langle t\rangle := \lambda x.(W\langle t\rangle)$, and so on.
As usual, plugging in a context can capture variables, e.g.
$((\langle\cdot\rangle y)[y{\leftarrow}t])\langle y\rangle = (yy)[y{\leftarrow}t]$. The plugging $W\langle W'\rangle$ of a
context $W'$ into a context $W$ is defined analogously. Since all
kinds of context we will deal with will be weak, the definition
of plugging applies uniformly to all of them.

A special and frequently used class of contexts is that of
substitution contexts $L ::= \langle\cdot\rangle \mid L[x{\leftarrow}t]$.

Switching from the FBC to the Explicit FBC the syntactic
categories of inerts $A$, fireballs $f$, and evaluation contexts $F$
are generalised in Table I so as to include substitution contexts $L$.
Note that fireballs may now contain substitutions, but not at
top level, because it is technically convenient to give a separate
status to a fireball $f$ in a substitution context $L$: terms of the
form $L\langle f\rangle$ are called answers. An initial term is a closed term
with no explicit substitutions.

Rewriting Rules: the fireball rule $\to_f$ is replaced by $\multimap_f$,
defined as the union of the two rules $\multimap_m$ and $\multimap_e$ in Table I:

1) Multiplicative $\multimap_m$: is a version of $\to_f$ where $\lambda x.t$ and
$f$ can have substitution contexts $L$ and $L'$ around, and
the substitution is delayed.

2) Exponential $\multimap_e$: the substitution or exponential rule
replaces exactly one occurrence of a variable $x$ currently
under evaluation (in $F$) with its definiendum $f$ given by
the substitution. Note the apparently strange position of
$L$ in the reduct. It is correct: $L$ has to commute outside
to bind both copies of $f$, otherwise the rule would create
free variables.

The names of the rules are due to the linear logic interpretation
of the LSC.

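Unfolding: the shared representation is related to the
usual one via the crucial notion of unfolding, producing the
λ-term denoted by $t{\downarrow}$ and defined by:

$x{\downarrow} := x$    $(tu){\downarrow} := t{\downarrow}u{\downarrow}$

$(\lambda x.t){\downarrow} := \lambda x.t{\downarrow}$    $t[x{\leftarrow}u]{\downarrow} := t{\downarrow}\{x{\leftarrow}u{\downarrow}\}$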

Note that r„4,= A^". 

As for the FBC, evaluation is well-defined:

Theorem 2.

1) Closed normal forms are answers, i.e. fireballs in
substitution contexts.

2) $\multimap_f$ is deterministic.

Structural Equivalence: the calculus is endowed with a
structural equivalence, noted $\equiv$, whose property is to be a
strong bisimulation with respect to $\multimap_f$. It is the least
equivalence relation closed by weak contexts defined in Table I.

Proposition 2 ($\equiv$ is a Strong Bisimulation wrt $\multimap_f$). Let $x \in
\{\mathtt{sm}, \mathtt{se}\}$. Then, $t \equiv u$ and $t \multimap_x t'$ implies that there exists $u'$
such that $u \multimap_x u'$ and $t' \equiv u'$.


Size Explosion, Again: coming back to the size explosion
example, the idea is that—to circumvent it—$t_n$ should better
$\multimap_m$-evaluate to:

$T_n := (x_0x_0)[x_0{\leftarrow}x_1^2][x_1{\leftarrow}x_2^2] \ldots [x_{n-1}{\leftarrow}x_n^2][x_n{\leftarrow}A]$

which is an alternative, compact representation of of 
size linear in n, and with just one occurrence of A. Without 
symbols, ES are enough to circumvent size explosion Gl-il. 
In our case however they fail. The evaluation we just defined
indeed does not stop on the desired compact representation, 
and in fact a linear number of steps (namely 3n) may still 
produce an exponential output (in a substitution context). 


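Proposition 3 (Size Explosion in the Explicit FBC).


Proof: by induction on $n$. Let $B := A^2 = AA$. Cases:

$t_1A = (\lambda x_1.(x_1x_1))A$
$\multimap_m (x_1x_1)[x_1{\leftarrow}A]$
$\multimap_e (x_1A)[x_1{\leftarrow}A]$
$\multimap_e (AA)[x_1{\leftarrow}A] = A^2[x_1{\leftarrow}A]$

$t_{n+1}A = (\lambda x_{n+1}.(t_n(x_{n+1}x_{n+1})))A \multimap_m$

$(t_nA^2)[x_{n+1}{\leftarrow}A] = L\langle t_nB\rangle$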


Before introducing useful evaluation—that will liberate us
from size explosion—we are going to fully set up the architecture
of the problem, by explaining 1) how ES implement
a calculus, 2) how an abstract machine implements a calculus
with ES, and 3) how to define an abstract machine for the
inefficient Explicit FBC. Only by then (Sect. IXIb we will start
optimising the framework, first with useful sharing and then
by eliminating renaming chains.


VII. Two Levels Implementation 

Here we explain how the small-step strategy $\to_f$ of
the FBC is implemented by a micro-step strategy $\multimap$. We
are looking for an appropriate strategy $\multimap$ with ES which
is polynomially related to both $\to_f$ and an abstract machine.
Then we need two theorems:

1) High-Level Implementation: $\to_f$ terminates iff $\multimap$ terminates.
Moreover, $\to_f$ is implemented by $\multimap$ with only a
polynomial overhead. Namely, $t \multimap^k u$ iff $t \to_f^h u{\downarrow}$ with
$k$ polynomial in $h$;

2) Low-Level Implementation: $\multimap$ is implemented on an
abstract machine with an overhead in time which is
polynomial in both $k$ and the size of $t$.

We will actually be more accurate, giving linear or quadratic
bounds, but this is the general setting.


A. High-Level Implementation 

First, terminology and notations. Derivations $d, e, \ldots$ are
sequences of rewriting steps. With $|d|$, $|d|_m$, and $|d|_e$ we
denote respectively the length, the number of multiplicative,
and exponential steps of $d$.

Definition 1. Let $\to$ be a deterministic strategy on FBC-terms
and $\multimap$ a deterministic strategy for terms with ES. The pair
$(\to, \multimap)$ is a high-level implementation system if whenever
$t$ is a λ-term and $d : t \multimap^* u$ then:

1) Normal Form: if $u$ is a $\multimap$-normal form then $u{\downarrow}$ is a
$\to$-normal form.

2) Projection: $d{\downarrow} : t \to^* u{\downarrow}$ and $|d{\downarrow}| = |d|_m$.

Moreover, it is

1) locally bounded: if the length of a sequence of
substitution e-steps from $u$ is linear in the number $|d|_m$ of
m-steps in $d$;

2) globally bounded: if $|d|_e$ is linear in $|d|_m$.

The normal form and projection properties address the
qualitative part, i.e. the part about termination. The normal
form property guarantees that $\multimap$ does not stop prematurely, so
that when $\multimap$ terminates $\to$ cannot keep going. The projection
property guarantees that termination of $\to$ implies termination
of $\multimap$. The two properties actually state a stronger fact: $\to$
steps can be identified with the $\multimap_m$-steps of the $\multimap$ strategy.

The local and global bounds allow to bound the overhead
introduced by the Explicit FBC wrt the FBC, because by
relating $\multimap_m$ and $\multimap_e$ steps, they relate $|d|$ and $|d{\downarrow}|$, since $\to_f$
and $\multimap_m$ steps can be identified.

The high-level part can now be proved abstractly.

Theorem 3 (High-Level Implementation). Let t be an ordinary
λ-term and (→, ⊸) a high-level implementation system.

1) Normalisation: t is →-normalising iff it is ⊸-normalising.

2) Projection: if d : t ⊸* u then d↓ : t →* u↓.

Moreover, the overhead of ⊸ is, depending on the system:

1) locally bounded: quadratic, i.e. |d| = O(|d↓|²).

2) globally bounded: linear, i.e. |d| = O(|d↓|).

For the low-level part, in contrast to m, we rely on abstract
machines, introduced in the next section. 

Let us see our framework at work. We have the following 
result: 

Theorem 4. (→f, ⊸f) is a high-level implementation system.

Note the absence of complexity bounds. In fact, (→f, ⊸f)
is not even locally bounded. Let here be defined by
= t and and u_n := (λx.x^n)A. Then

d : u_n ⊸m ⊸e^n A^n[x←A] is a counter-example to local
boundedness. Moreover, the Explicit FBC also suffers from size
explosion, i.e. implementing a single step may take exponential
time. In Sect. the introduction of useful sharing will solve
these issues.

B. Low-Level Implementation: Abstract Machines

Introducing Distilleries: an abstract machine M is meant
to implement a strategy ⊸ via a distillation, i.e. a decoding
function ·̲. A machine has a state s, given by a code t, i.e. a
λ-term t without ES and not considered up to α-equivalence, and
some data-structures like stacks, dumps, environments, and
possibly heaps. The data-structures are used to implement
the search of the next ⊸-redex and some form of parsimonious
substitution, and they distill to evaluation contexts for ⊸.
Every state s decodes to a term s̲, having the shape F⟨t⟩,
where t is a λ-term and F is some kind of evaluation context
for ⊸.

A machine computes using transitions, whose union is noted
⇝, of two types. The principal one, noted ⇝p, corresponds
to the firing of a rule defining ⊸. In doing so, the machine
can differ from the calculus implemented by a transformation
of the evaluation context to an equivalent one, up to a
structural congruence ≡. The commutative transitions, noted
⇝c, implement the search for the next redex to be fired by
rearranging the data-structures to single out a new evaluation
context, and they are invisible on the calculus. The names
reflect a proof-theoretical view, as machine transitions can be
seen as cut-elimination steps. Garbage collection is
here simply ignored, as in the ESC it can always be postponed.

To preserve correctness, structural congruence ≡ is required
to commute with evaluation ⊸, i.e. to satisfy

(t ≡ u and t ⊸ r) ⇒ ∃q s.t. u ⊸ q and r ≡ q
(t ≡ u and u ⊸ q) ⇒ ∃r s.t. t ⊸ r and r ≡ q

for each of the rules of ⊸, preserving the kind of rule. In
fact, this means that ≡ is a strong bisimulation (i.e. one
step to one step) with respect to ⊸. Strong bisimulations
formalise transformations which are transparent with respect
to the behaviour, even at the level of complexity, because they
can be postponed without affecting the length of evaluation:

Lemma 1 (≡ Postponement). If ≡ is a strong bisimulation
and t (⊸ ∪ ≡)* u then t ⊸*≡ u and the number and kind
of steps of ⊸ in the two reduction sequences is the same.

We can finally introduce distilleries, i.e. systems where a
strategy ⊸ simulates a machine M up to structural equivalence
≡ (via the decoding ·̲).

Definition 2. A distillery D = (M, ⊸, ≡, ·̲) is given by:

1) An abstract machine M, given by

a) a deterministic labeled transition system ⇝ on
states s;

b) a distinguished class of states deemed initial, in
bijection with closed λ-terms and from which one
obtains the reachable states by applying ⇝*;

c) a partition of the labels of the transition system
⇝ as:

• principal transitions, noted ⇝p,

• commutative transitions, noted ⇝c;

2) a deterministic strategy ⊸;

3) a structural equivalence ≡ on terms s.t. it is a strong
bisimulation with respect to ⊸;

4) a distillation ·̲, i.e. a decoding function from states to
terms, s.t. on reachable states:

• Principal: s ⇝p s' implies s̲ ⊸≡ s̲',

• Commutative: s ⇝c s' implies s̲ ≡ s̲'.

We will soon prove that a distillery implies a simulation
theorem, but we want a stronger form of relationship. Additional
hypotheses are required to obtain the converse simulation,
handle explicit substitution, and talk about complexity bounds.

Some terminology first. An execution ρ is a sequence of
transitions from an initial state. With |ρ|, |ρ|p, and |ρ|c we
denote respectively the length, the number of principal, and
commutative transitions of ρ. The size of a term is noted |t|.

Definition 3 (Distillation Qualities). A distillery is

• Reflective when on reachable states:

- Termination: ⇝c terminates;

- Progress: if s̲ reduces then s is not final.

• Explicit when

- Partition: principal transitions are partitioned into
multiplicative ⇝m and exponential ⇝e, like for the
strategy ⊸.

- Explicit decoding: the partition is preserved by the
decoding, i.e.

* Multiplicative: s ⇝m s' implies s̲ ⊸m≡ s̲';

* Exponential: s ⇝e s' implies s̲ ⊸e≡ s̲'.

• Bilinear when it is reflective and

- Execution Length: given an execution ρ from an
initial term t, the number of commutative steps |ρ|c
is linear in both |t| and |ρ|p (with a slightly stronger
dependency on |t|, due to the time needed to recognise
a normal form), i.e. |ρ|c = O((1 + |ρ|p) · |t|).

- Commutative: ⇝c is implementable on RAM in a
constant number of steps;

- Principal: ⇝p is implementable on RAM in O(|t|)
steps.

A reflective distillery is enough to obtain a bisimulation
between the strategy ⊸ and the machine M, that is strong
up to structural equivalence ≡. With |ρ|m and |ρ|e we denote
respectively the number of multiplicative and exponential
transitions of ρ.

Theorem 5 (Correctness and Completeness). Let D be a
reflective distillery and s an initial state.

1) Strong Simulation: for every execution ρ : s ⇝* s' there
is a derivation d : s̲ ⊸*≡ s̲' s.t. |ρ|p = |d|.

2) Reverse Strong Simulation: for every derivation d :
s̲ ⊸* t there is an execution ρ : s ⇝* s' s.t. t ≡ s̲'
and |ρ|p = |d|.

Moreover, if D is explicit then |ρ|m = |d|m and |ρ|e = |d|e.

Bilinearity, instead, is crucial for the low-level theorem. 

Theorem 6 (Low-Level Implementation Theorem). Let ⊸ be
a strategy on terms with ES s.t. there exists a bilinear distillery

Table II

GLAM: Data-Structures, Decoding and Transitions

Data-structures:

φ ::= t | (t, π)              E, E' ::= ε | [x←t] : E
π, π' ::= ε | φ : π           s, s' ::= (D, t, π, E)
D, D' ::= ε | D : (t, π)

Decoding (each left-hand side stands for the decoding of the component shown):

ε := ⟨·⟩                      [x←t] : E := ⟨⟨·⟩[x←t]⟩E̲
φ : π := ⟨⟨·⟩φ̲⟩π̲              D : (t, π) := D̲⟨⟨t⟨·⟩⟩π̲⟩
(t, π) := ⟨t⟩π̲                Fs := ⟨D̲⟨π̲⟩⟩E̲
s̲ := Fs⟨t⟩   where s = (D, t, π, E)

Transitions:

Dump | Code | Stack | Global Env
D | tu | π | E   ⇝c1   D : (t, π) | u | ε | E
D | λx.t | u : π | E   ⇝m   D | t | π | [x←u]E
D : (t, π) | a | π' | E   ⇝c3   D | t | (a, π') : π | E
D : (t, π) | λx.u | ε | E   ⇝c2   D | t | λx.u : π | E
D | x | π | E1[x←u]E2   ⇝e   D | u^α | π | E1[x←u]E2

where u^α is any code α-equivalent to u that preserves well-naming of the machine, i.e. such that any bound name in
u^α is fresh with respect to those in D, π and the global environment.



D = (M, ⊸, ≡, ·̲). Then a ⊸-derivation d is implementable
on RAM machines in O((1 + |d|) · |t|) steps, i.e. bilinear in
the size of the initial term t and the length of the derivation
|d|.

Proof: given d : t ⊸* u, by Theorem 5.2 there is an
execution ρ : s ⇝* s' s.t. u ≡ s̲' and |ρ|p = |d|. The number
of RAM steps to implement ρ is the sum of the number for
the commutative and the principal transitions. By bilinearity,
|ρ|c = O((1 + |ρ|p) · |t|) and so all the commutative transitions
in ρ require O((1 + |ρ|p) · |t|) steps, because a single one takes a
constant number of steps. Again by bilinearity, each principal
one requires O(|t|) steps, and so all the principal transitions
together require O(|ρ|p · |t|) steps. ■

We will discuss three distilleries, summarised in Table IV
(page 11), and two of them will be bilinear. The machines will
be sophisticated, so that we will first present a machine for
the inefficient Explicit FBC (Sect. VIII, called GLAM), that
we will later refine with useful sharing (Sect. XII, GLAMoUr)
and with renaming chains elimination (Sect. XIV, Unchaining
GLAMoUr).

Let us point out an apparent discrepancy with the literature.
For the simpler case without symbols, the number of commutative
steps of the abstract machine studied in [13] is truly
linear (and not bilinear), i.e. it does not depend on the size
of the initial term. Three remarks:

1) Complete Evaluation: it is true only for evaluation to
normal form, while our low-level theorem is also valid
for both any prefix of the evaluation and diverging
evaluations.

2) Normal Form Recognition: it relies on the fact that
closed normal forms (i.e. values) can be recognised in
constant time, by simply checking the topmost constructor.
With symbols, checking if a term is normal requires
time linear in its size, and so linearity is simply not
possible.

3) Asymptotically Irrelevant: the dependency on the initial
term disappears from the number of commutative
transitions but still affects the cost of the principal ones,
because every exponential transition copies a subterm
of the initial term, and thus it takes O(|t|) time.


VIII. An Inefficient Distillery: the GLAM Machine

In this section we introduce the GLAM machine and show
that it distills to the Explicit FBC. The distillery is inefficient,
because the Explicit FBC suffers from size explosion, but it is a
good case study to present distilleries before the optimisations.
Moreover, it allows us to show an unexpected fact: while adding
useful sharing to the calculus will be a quite tricky and
technical affair (Sect. XI), adding usefulness to the GLAM will
be surprisingly simple (Sect. XII), and yet tests of usefulness
will only require constant time.

The machine of this section is the Global LAM (GLAM).
The name is due to a similar machine, based on local
environments, introduced in and called LAM—standing for
Leroy Abstract Machine. The GLAM differs from the LAM in
two respects: 1) it uses global rather than local environments,
and 2) it has an additional rule to handle constructors.

Data-Structures: at the machine level, terms are replaced
by codes, i.e. terms not considered up to α-equivalence. To
distinguish codes from terms, we over-line codes like in t̄.

States (noted s, s', ...) of the abstract machine are made out
of a context dump D, a code t, an argument stack π, and a
global environment E, defined by the grammars in Table II. To
save space, sometimes we write [x←t]E for [x←t] : E. Note
that stacks may contain pairs (t, π) of a code and a stack,
used to code the application of t to the stack π. We choose
this representation to implement commutative rules in constant
time.

The Machine: the machine transitions are given in Table II.
Note that the multiplicative one ⇝m puts a new entry
in the environment, while the exponential one ⇝e performs a
clashing-avoiding substitution from the environment. The idea
is that the principal transitions ⇝m and ⇝e implement ⊸m
and ⊸e while the commutative transitions ⇝c1, ⇝c2, and ⇝c3
locate and expose the next redex following a right-to-left
strategy.

The commutative rule ⇝c1 forces evaluation to be right-to-left
on applications: the machine processes first the argument
u, saving the left sub-term t on the dump together with its
current stack π. The role of ⇝c2 and ⇝c3 is to backtrack to
the saved sub-term. Indeed, when the argument, i.e. the current
code, is finally put in normal form, encoded by a stack item
φ, the stack item is pushed on the stack, and the machine
backtracks to the pair on the dump.

[Table III: Context and Relative Unfolding. Parts: Context Unfolding; Relative Unfolding; Relative Context Unfolding.]

The Distillery: machines start an execution on initial
states defined as (ε, t, ε, ε), i.e. obtained by taking the term,
seen now as the code t, and setting to ε the other machine
components. A state represents a term—given by the code—
and an evaluation context, that for the GLAM is obtained
by decoding D, π, and E. The decoding ·̲ (or distillation)
function is defined in Table II. Note that stacks are decoded
to contexts in postfix notation for plugging. To improve
readability, when we decode machines, we will denote W⟨t⟩ with
⟨t⟩W, if the component occurs on the right of t in the machine
representation.

A machine state is closed when all free variables in any
component of the state are bound in E or, equivalently, when s̲
is closed in the usual sense. It is well-named when all variables
bound in the state are distinct. We require well-namedness as
a machine invariant to allow every environment entry [x←t]
to be global (i.e. to bind x everywhere in the machine state).
From now on, the initial state associated to a term t has as
code the term obtained α-converting t to make it well-named.

For every machine we will have invariants, in order to 
prove the properties of a distillery. They are always proved 
by induction over the length of the execution, by a simple 
inspection of the transitions. For the GLAM: 

Lemma 2 (GLAM Invariants). Let s = (D, u, π, E) be a state
reachable from an initial code t. Then:

1) Closure: s is closed and well-named;

2) Value: values in components of s are sub-terms of t;

3) Fireball: every term in π, in E, and in every stack in D
is a fireball;

4) Contextual Decoding: E̲, D̲, π̲, and Fs are evaluation
contexts.

The invariants are used to prove the following theorem.

Theorem 7 (GLAM Distillation). (GLAM, ⊸f, ≡, ·̲) is a
reflective explicit distillery. In particular, let s be a
reachable state:

1) Commutative: if s ⇝c1,2,3 s' then s̲ ≡ s̲';

2) Multiplicative: if s ⇝m s' then s̲ ⊸m≡ s̲';

3) Exponential: if s ⇝e s' then s̲ ⊸e s̲'.

Since the Explicit FBC suffers from size explosion, an
exponential step (and thus an exponential transition) may duplicate
a subterm that is exponentially bigger than the input. Then
(GLAM, ⊸f, ≡, ·̲) does not satisfy bilinearity, for which
every exponential transition has to have linear complexity in
the size of the input.


IX. Interlude: Relative Unfoldings 


Now we define some notions for weak contexts that will be
implicitly instantiated to all kinds of contexts in the paper. In
particular, we define substitution over contexts, and then use
it to define the unfolding of a context, and the more general
notion of relative unfolding.

Implicit substitution on weak contexts W is defined by

⟨·⟩{x←u} := ⟨·⟩
(tW){x←u} := t{x←u}W{x←u}
(Wt){x←u} := W{x←u}t{x←u}
W[y←t]{x←u} := W{x←u}[y←t{x←u}]
t[y←W]{x←u} := t{x←u}[y←W{x←u}]

Lemma 3. Let t be a term and W a weak context. Then
W⟨t⟩{x←u} = W{x←u}⟨t{x←u}⟩.


Now, we would like to extend the unfolding to contexts,
but in order to do so we have to restrict the notion of context.
Indeed, whenever the hole of a context is inside an ES, the
unfolding may erase or duplicate the hole, producing a term
or a multi-context, which we do not want. Thus, we turn to
(weak) shallow contexts, defined by:

S, S', S'' ::= ⟨·⟩ | St | tS | S[x←t]

(note the absence of the production t[x←S]).

Now, we define in Table III context unfolding S↓, unfolding t↓_S
of a term t relative to a shallow context S and unfolding
S'↓_S of a shallow context S' relative to a shallow context S.

Relative unfoldings have a number of properties, summed
up in the appendix (page 24). Last, a definition that will be
important in the next section.

Definition 4 (Applicative Context). A shallow context S is
applicative when its hole is applied to a sub-term u, i.e. if
S = S'⟨Lu⟩.


X. Introducing Useful Sharing 

Beware: this and the next sections will heavily use contexts
and notions about them as defined in Sect. VI and Sect. IX, in
particular the notions of shallow context, applicative context,
and relative unfolding.

Introducing Useful Reduction: note that the substitution
steps in the size exploding family do not create redexes. We
want to restrict the calculus so that these useless steps are
avoided. The idea of useful sharing is to trigger an exponential
redex only if it will somehow contribute to create a multiplicative
redex. Essentially, one wants only the exponential steps

F⟨x⟩[x←L⟨f⟩] ⊸e L⟨F⟨f⟩[x←f]⟩

s.t. F is applicative and f is a value, so that the firing creates
a multiplicative redex. Such a change of approach, however,
has consequences on the whole design of the system. Indeed,
since some substitutions are delayed, the present requirements
for the rules might not be met. Consider:

(λx.t)y[y←ab]

we want to avoid substituting ab for the argument y,
but we also want that evaluation does not stop, i.e. that
(λx.t)y[y←ab] ⊸m t[x←y[y←ab]]. To accommodate such a
dynamics, our definitions have to be up to unfolding, i.e.
fireballs have to be replaced by terms unfolding to fireballs.
There are 4 subtle things about useful reduction.

1) Multiplicatives and Variables. The idea is that the
multiplicative rule becomes

L⟨λx.t⟩L'⟨u⟩ ↦m L⟨t[x←L'⟨u⟩]⟩

where it is the unfolding L'⟨u⟩↓ of the argument L'⟨u⟩ that is a
fireball, and not necessarily L'⟨u⟩ itself. Note that sometimes
variables are valid arguments of multiplicative redexes, and
consequently substitutions may contain variables.

2) Exponentials and Future Creations. The exponential rule
involves contexts, and is trickier to make useful. A first
approximation of useful exponential step is

F⟨x⟩[x←L⟨u⟩] ↦e L⟨F⟨u⟩[x←u]⟩

where L⟨u⟩↓ is a value (i.e. it is not an inert) and F is
applicative, so that—after eventually many substitution steps,
when x becomes u↓—a multiplicative redex will pop out.

Note that a useful exponential step does not always immediately
create a multiplicative redex. Consider the following
step (where I is the identity):

(xI)[x←y][y←I] ⊸e (yI)[x←y][y←I]    (1)

No multiplicative redex has been created yet, but step (1) is
useful because the next exponential step creates a multiplicative
redex:

(yI)[x←y][y←I] ⊸e (II)[x←y][y←I]

3) Evaluation and Evaluable Contexts. The delaying of
useless substitutions impacts also on the notion of evaluation
context F, used in the exponential rule. For instance, the
following exponential step should be useful

((xI)y)[x←I][y←ab] ⊸e ((II)y)[x←I][y←ab]

but the context ((⟨·⟩I)y)[x←I][y←ab] isolating x is not an
evaluation context, it only unfolds to one. We then need a
notion of evaluation context up to unfolding. The intuition is that
a shallow context S is evaluable if S↓ is an evaluation context
(see Sect. IX for the definition of context unfolding), and it is
useful if it is evaluable and applicative. The exponential rule
then should rather be:

S⟨x⟩[x←L⟨u⟩] ↦e L⟨S⟨u⟩[x←u]⟩

where u↓ is a value and S is useful.

4) Context Closure vs Global Rules. Such a definition, while
close to the right one, still misses a fundamental point, i.e.
the global nature of useful steps. Evaluation rules are indeed
defined by a further closure by contexts, i.e. a step takes
place in a certain shallow context S'. Of course, S' has to
be evaluable, but there is more. Such a context, in fact, may
also give an essential contribution to the usefulness of a step.
Let us give an example. Consider the following exponential
step

(xx)[x←y] ⊸e (yx)[x←y]

By itself it is not useful, since y is not a value nor unfolds to
one. If we plug that redex in the context S := ⟨·⟩[y←I],
however, then y unfolds to a value in S, as y↓_S = y↓_{⟨·⟩[y←λz.z]} =
λz.z, and the step becomes:

(xx)[x←y][y←λz.z] ⊸e (yx)[x←y][y←λz.z]    (2)

No multiplicative redex has been created yet, but step (2) is
useful because it is essential for the creation given by the next
exponential step:

(yx)[x←y][y←λz.z] ⊸e ((λz.z)x)[x←y][y←λz.z]

Note, indeed, that (λz.z)x gives a useful multiplicative redex,
because x unfolds to a fireball in its context ⟨·⟩[x←y][y←λz.z].

Summing up, the useful or useless character of a step
depends crucially on the surrounding context. Therefore useful
rules have to be global: rather than given as axioms closed by
evaluable contexts, they will involve the surrounding context
itself and impose conditions about it.

The Useful FBC, presented in the next section, formalises
these ideas. We will prove it to be a locally bounded
implementation of →f, obtaining our first high-level implementation
theorem.

XI. The Useful Fireball Calculus

For the Useful FBC, terms, values, and substitution contexts
are unchanged (with respect to the Explicit FBC), and we use
shallow contexts S as defined in Sect. IX. An initial term is
still a closed term with no explicit substitutions.

The new key notion is that of evaluable context. 

Definition 5 (Evaluable and Useful Contexts). Evaluable
(shallow) contexts are defined by the inference system in
Table V. A context is useful if it is evaluable and applicative
(being applicative is easily seen to be preserved by unfolding).

Point 1 of the following Lemma 4 guarantees that evaluable
contexts capture the intended semantics suggested in the
previous section. Point 2 instead provides an equivalent inductive
formulation that does not mention relative unfoldings. The
definition in Table V can be thought of as being from the
outside, while the lemma gives a characterisation from the
inside, relating sub-terms to their surrounding sub-context.

Table IV

Distilleries in the Paper + Rewriting Rules for the Useful FBC

Calculus | Machine
FBC →f |
Explicit FBC ⊸f | GLAM
Useful FBC ⊸uf | GLAMoUr
Unchaining FBC ⊸of | Unchaining GLAMoUr

Rule (Already Closed by Contexts) | Side Conditions
S⟨L⟨λx.t⟩u⟩ ⊸um S⟨L⟨t[x←u]⟩⟩ | S⟨Lu⟩ is useful
S⟨S'⟨x⟩[x←L⟨u⟩]⟩ ⊸ue S⟨L⟨S'⟨u⟩[x←u]⟩⟩ | S⟨S'[x←L⟨u⟩]⟩ is useful, u ≠ u'[y←w] and u↓_{S⟨L⟩} = v

Lemma 4.

1) If S is evaluable then S↓ is an evaluation context.

2) S is evaluable iff is a fireball whenever S =
S'⟨S''u⟩ or S =

Rewriting Rules: the two rewriting rules ⊸um and ⊸ue
are defined in Table IV and we use ⊸uf for ⊸um ∪ ⊸ue.
The rules are global, i.e. they do not factor as a rule followed
by a contextual closure. As already explained, the context has
to be taken into account, to understand if the step is useful to
multiplicative redexes.

In rule ⊸um, the requirement that the whole context around the
abstraction is useful guarantees that the argument u unfolds
to a fireball in its context. Note also that in ⊸ue this is
not enough, we have to be sure that such an unfolding is a
value, otherwise it will not be useful to multiplicative redexes.
Moreover, the rule requires u ≠ u'[y←w], to avoid copying
substitutions.

A detailed study of useful evaluation (in the appendix)
shows that:

Theorem 8 (Quadratic High-Level Implementation). (→f, ⊸uf)
is a locally bounded high-level implementation system,
and so it has a quadratic overhead wrt →f.

Moreover, the structural equivalence ≡ is a strong
bisimulation also with respect to ⊸uf.

Proposition 4 (≡ is a Strong Bisimulation wrt ⊸uf). Let
x ∈ {um, ue}. Then, t ≡ u and t ⊸x t' implies that there
exists u' such that u ⊸x u' and t' ≡ u'.


XII. The GLAMoUr Machine 

Here we refine the GLAM with a very simple tagging of
stacks and environments, in order to implement useful sharing.
The idea is that every term in the stack or in the environment
carries a label l ∈ {v, A} indicating if it unfolds (relatively to
the environment) to a value or to an inert.

The grammars are identical to the GLAM, up to labels:

l ::= v | A        E, E' ::= ε | [x←φ^l] : E

π, π' ::= ε | φ^l : π

The decoding of the various machine components is identical
to that for the GLAM, up to labels that are ignored. The
state context, however, now is noted Ss, as it is not necessarily
an evaluation context.

The transitions are in Table VI. They are obtained from
those of the GLAM by:

1) Backtracking instead of performing a useless substitution:
there are two new backtracking cases ⇝c4 and ⇝c5
(that in the GLAM were handled by the exponential
transition), corresponding to avoided useless duplications:
⇝c4 backtracks when the entry φ to substitute is marked
A (as it unfolds to an inert) and ⇝c5 backtracks when the
term is marked v but the stack is empty (i.e. the context
is not applicative).


Table V

Evaluable Shallow Contexts

(each rule is written as premises ⟹ conclusion)

⟹ ⟨·⟩ is evaluable

S is evaluable ⟹ tS is evaluable

S is evaluable, t↓_S is a fireball ⟹ St is evaluable

S is evaluable, t↓_S is a fireball ⟹ S[x←t] is evaluable


Table VI

Transitions of the GLAMoUr

Dump | Code | Stack | Global Env
D | tu | π | E   ⇝c1   D : (t, π) | u | ε | E
D | λx.t | φ^l : π | E   ⇝um   D | t | π | [x←φ^l]E
D : (t, π) | λx.u | ε | E   ⇝c2   D | t | (λx.u)^v : π | E
D : (t, π) | a | π' | E   ⇝c3   D | t | (a, π')^A : π | E
D : (t, π) | x | π' | E1[x←φ^A]E2   ⇝c4   D | t | (x, π')^A : π | E1[x←φ^A]E2
D : (t, π) | x | ε | E1[x←u^v]E2   ⇝c5   D | t | x^v : π | E1[x←u^v]E2
D | x | φ^l : π | E1[x←u^v]E2   ⇝ue   D | u^α | φ^l : π | E1[x←u^v]E2

where u^α is any code α-equivalent to u that preserves well-naming of the machine.

2) Substituting only when it is useful: the exponential
transition ⇝ue is applied only when the term to substitute
has label v and the stack is non-empty.
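
The transitions of Table VI next to those of the GLAM (Table II), as an added Python example that is not code from the paper. Assumptions of the example: codes are tuples, stacks are cons cells, the global environment is a dictionary, fresh names are made with a numeric suffix, the hypothetical `useful` flag switches between the two machines, and with `useful=False` an inert pair is decoded to the application it stands for before being substituted; `T1` and `T2` are constructed sample terms.

```python
from itertools import count

# Codes: ("var", x) | ("sym", a) | ("lam", x, body) | ("app", t, u).
# Stacks are cons cells (item, rest) or None, so every push is constant time.
# A stack item / environment entry is (phi, label): phi is a code or
# ("pair", head, stack), i.e. `head` applied to `stack`; label is V or A.
V, A = "v", "A"

def var(x): return ("var", x)
def sym(a): return ("sym", a)
def lam(x, t): return ("lam", x, t)

def app(t, *args):
    for u in args:
        t = ("app", t, u)
    return t

def items(stack):
    while stack is not None:
        yield stack[0][0]              # the phi of each item, label dropped
        stack = stack[1]

def decode(phi):
    """Code represented by a stack item: a pair is its head applied to its stack."""
    if phi[0] != "pair":
        return phi
    return app(phi[1], *(decode(p) for p in items(phi[2])))

def rename(t, fresh, ren=None):
    """Copy t with fresh bound names (the alpha-renamed copy used by the tables)."""
    ren = ren or {}
    if t[0] == "var":
        return var(ren.get(t[1], t[1]))
    if t[0] == "lam":
        x = f"{t[1]}_{next(fresh)}"
        return lam(x, rename(t[2], fresh, {**ren, t[1]: x}))
    if t[0] == "app":
        return app(rename(t[1], fresh, ren), rename(t[2], fresh, ren))
    return t                           # symbols are left alone

def unfold(t, env):
    """Read-back: replace every variable bound in the environment by its entry."""
    if t[0] == "var" and t[1] in env:
        return unfold(decode(env[t[1]][0]), env)
    if t[0] == "lam":
        return lam(t[1], unfold(t[2], env))
    if t[0] == "app":
        return app(unfold(t[1], env), unfold(t[2], env))
    return t

def run(term, useful=True, fuel=100_000):
    """Run a closed, well-named term. useful=True follows Table VI (GLAMoUr);
    useful=False ignores labels and always substitutes, as in Table II (GLAM).
    Returns (unfolded result, transition counts)."""
    dump, code, stack, env = [], term, None, {}
    fresh, steps = count(), {"c": 0, "m": 0, "e": 0}
    for _ in range(fuel):
        kind = code[0]
        if kind == "app":                                   # c1
            dump.append((code[1], stack))
            code, stack = code[2], None
            steps["c"] += 1
        elif kind == "lam" and stack is not None:           # m / um
            env[code[1]] = stack[0]
            code, stack = code[2], stack[1]
            steps["m"] += 1
        elif kind == "var" and (not useful or               # e / ue
                (env[code[1]][1] == V and stack is not None)):
            code = rename(decode(env[code[1]][0]), fresh)   # constant-time test above
            steps["e"] += 1
        elif dump:                                          # backtracking
            if kind == "lam" or (kind == "var" and env[code[1]][1] == V):
                item = (code, V)                            # c2, c5
            else:
                item = (("pair", code, stack), A)           # c3, c4
            code, stack = dump.pop()
            stack = (item, stack)
            steps["c"] += 1
        else:                                               # final state
            args = (decode(p) for p in items(stack))
            return unfold(app(code, *args), env), steps
    raise RuntimeError("out of fuel")

# Constructed sample terms.
# T1 = (\x. c x x)(a b): the argument is inert, so substituting it is useless.
T1 = app(lam("x", app(sym("c"), var("x"), var("x"))), app(sym("a"), sym("b")))
# T2 = (\y. (\x. x a) y)(\z. z): x is renamed to y, which holds a value.
T2 = app(lam("y", app(lam("x", app(var("x"), sym("a"))), var("y"))),
         lam("z", var("z")))
```

On `T1` the labelled machine performs no exponential transition where the unlabelled one performs two; on `T2` the labelled machine walks the renaming from x to y before reaching the value.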

Lemma 5 (GLAMoUr Invariants). Let s = (D, u, π, E) be a
state reachable from an initial code t. Then:

1) Closure: s is closed and well-named;

2) Value: values in components of s are sub-terms of t;

3) Fireball: is a fireball (of kind l) for every code t^l in
π, E, and in every stack of D;

4) Evaluability: ^ D-\-e' ILXe’ evaluable contexts;

5) Environment Size: the length of the global environment
E is bounded by |ρ|m.

Theorem 9 (GLAMoUr Distillation). (GLAMoUr, ⊸uf, ≡, ·̲)
is a reflective explicit distillery. In particular, let s be
a reachable state:

1) Commutative: if s ⇝c1,2,3,4,5 s' then s̲ ≡ s̲';

2) Multiplicative: if s ⇝um s' then s̲ ⊸um≡ s̲';

3) Exponential: if s ⇝ue s' then s̲ ⊸ue s̲'.

In fact, the distillery is even bilinear, as we now show. The
proof employs the following definition of size of a state.

Definition 6. The size of codes and states is defined by:

|x| = |a| := 1                 |tu| := |t| + |u| + 1
|λx.t| := |t| + 1              |(D, t, π, E)| := |t| + Σ_{(u,π')∈D} |u|

Lemma 6 (Size Bounded). Let s = (D, u, π, E) be a state
reached by an execution ρ of initial code t. Then
|s| ≤ (1 + |ρ|ue)|t| − |ρ|c.

Proof: by induction over the length of the derivation. The
property trivially holds for the empty derivation. Case analysis
over the last machine transition. Commutative rule ⇝c1: the
rule splits the code tu between the dump and the code, and the
measure—as well as the rhs of the formula—decreases by 1
because the rule consumes the application node. Commutative
rules ⇝c2,3,4,5: these rules consume the current code, so they
decrease the measure by at least 1. Multiplicative: it consumes
the lambda abstraction. Exponential: it modifies the current
code by replacing a variable (of size 1) with a value v coming
from the environment. Because of Lemma 5.2, v is a sub-term
of t and the dump size increment is bounded by |t|. ■

Corollary 1 (Bilinearity of ⇝c). Let s be a state reached by
an execution ρ of initial code t. Then |ρ|c ≤ (1 + |ρ|e)|t|.

Finally, we obtain our first implementation theorem.

Theorem 10 (Useful Implementation).

1) Low-Level Bilinear Implementation: a ⊸uf-derivation
d is implementable on RAM in O((1 + |d|) · |t|) (i.e.
bilinear) steps.

2) Low + High Quadratic Implementation: a →f-derivation
d is implementable on RAM in O((1 + |d|²) · |t|) steps,
i.e. linear in the size of the initial term t and quadratic
in the length of the derivation |d|.


XIII. The Unchaining FBC

In this section we start by analysing why the Useful FBC
has a quadratic overhead. We then refine it, obtaining the
Unchaining FBC, that we will prove to have only a linear
overhead wrt the FBC. The optimisation has to do with the
order in which chains of useful substitutions are performed.

Analysis of Useful Substitution Chains: in the Useful
FBC, whenever there is a situation like

(x1 A)[x1←x2] ... [xn−1←xn][xn←v]

the strategy performs n + 1 exponential steps

replacing x1 with x2, then x2 with x3, and so on, until v
is finally substituted on the head

(xn A)[x1←x2] ... [xn−1←xn][xn←v]

(v A)[x1←x2] ... [xn−1←xn][xn←v]

and a multiplicative redex can be fired. Any later occurrence
of x1 will trigger the same chain of exponential steps again.
Because the length n of the chain is bounded by the number
of previous multiplicative steps (local bound property), the
overall complexity of the machine is quadratic in the number
of multiplicative steps. In our previous work, we showed
that to reduce the complexity to linear it is enough to perform
substitution steps in reverse order, modifying the chains while
traversing them. The idea is that in the previous example
one should rather have a smart reduction ⊸oe (o stands for
optimised, as u is already used for useful reduction) following
the chain of substitutions and performing:

(x1 A)[x1←x2] ... [xn−1←xn][xn←v] ⊸oe
(x1 A)[x1←x2] ... [xn−1←v][xn←v] ⊸oe

(x1 A)[x1←v] ... [xn−1←v][xn←v] ⊸oe

(v A)[x1←v] ... [xn−1←v][xn←v]

Later occurrences of x1 will no longer trigger the chain,
because it has been unchained by traversing it the first time.
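
The two substitution orders compared on a flat renaming chain, as an added Python example that is not code from the paper. Assumptions of the example: the chain is modelled as a dictionary of k entries, only the simple flat form of the chain is covered, one step is counted per substitution on the head or per rewritten entry, and the function names are hypothetical.

```python
# Environment entries: ("var", y) models a renaming entry [x<-y],
# ("val", v) models an entry [x<-v] that holds a value.

def make_chain(k, value="v"):
    """Constructed sample: [x1<-x2] ... [x(k-1)<-xk][xk<-v] as a dictionary."""
    env = {f"x{i}": ("var", f"x{i + 1}") for i in range(1, k)}
    env[f"x{k}"] = ("val", value)
    return env

def useful_head(env, x):
    """Useful order: substitute on the head one link at a time.
    The environment is not modified, so the chain stays in place.
    Returns (value, exponential steps)."""
    steps = 0
    kind, payload = "var", x
    while kind == "var":
        kind, payload = env[payload]
        steps += 1
    return payload, steps

def unchaining_head(env, x):
    """Unchaining order: find the end of the chain, rewrite the renaming
    entries from the last one back to the first so that each holds the
    value, then substitute on the head. Returns (value, exponential steps)."""
    chain, y = [], x
    while env[y][0] == "var":          # locating the end is search, not rewriting
        chain.append(y)
        y = env[y][1]
    value = env[y]
    steps = 0
    for z in reversed(chain):          # one chain step per rewritten entry
        env[z] = value
        steps += 1
    return value[1], steps + 1         # plus the step on the head

def total_steps(strategy, k, occurrences):
    """Exponential steps needed when the head variable x1 of a chain of
    k entries has to be resolved `occurrences` times in a row."""
    env = make_chain(k)
    return sum(strategy(env, "x1")[1] for _ in range(occurrences))
```

With k = 5 and four occurrences of x1, the first order pays for the whole chain each time, while the second pays for it once and then one step per occurrence.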

Unfortunately, introducing such an optimisation for useful
reduction is hard. In the shown example, that has a very simple
form, it is quite easy to define what following the chain means.
For the distillation machinery to work, however, we need our
rewriting rules to be stable by structural equivalence, whose
action is a rearrangement of substitutions through the term
structure. Then the substitutions [xi←xi+1] of the example
can be spread all over the term, interleaved by applications
and other substitutions, and even nested one into the other
(like in [xi←xi+1[xi+1←xi+2]]). This makes the specification
of optimised useful reduction a quite technical affair.

Chain Contexts: reconsider a term like in the example, 
(xA)[xi^X2][x2^xf\[xa^X4\[x4:^v\. We want the next step 
to substitute on xa so we should give a status to the context 
C := (xA)[xi^X 2 ][x 2 ^xf\[xa^{-)]. The problem is that C 
can be deformed by structural equivalence = as 

C := (x[xi^X2[x2^X3\]A)[x3‘^{-)] 

and so this context has to be caught too. We specify these 
context in Table IVIII as chain contexts C, defined using the 


1^1 


|f| -I- |u| ' 

^('u.Tr 
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Table VII 

Identity, Chain, and Chain-Starting Context + Rewriting Rules of the Unchaining FBC 


1,1' ::= (■) I I{x)[x^I'] I I[x<^t] 

C,C' ::= S(x)[x^I] I C(x)[x^I] \ S{C) 


Rule (Already Closed by Contexts) 
S{L{lx.t)u) ^om S{L(t[x<^u])) 


Side Condition 
S{{-)u) is useful 


;= S[y^I{x)] 

S{cy := 


S(S'{a:)[a;^I/{u)]) -<3oes 5(L(S'(u)[a:<-u])) S(5'[a:<-L{i;)]) is useful 

S{C{x)[x->-L{v)]) -^oec >S’(i(C(u)[a;'i-i;])) S(C“^[a;<-L(i;)]) is useful 


auxiliary notion of identity context I, that captures a simpler 
form of chain (note that both notions are not shallow). 

Given a chain context $C$, we will need to retrieve the point
where the chain started, i.e. the shallow context isolating the
variable at the left end of the chain ($x_1$ in the example). We
are now going to define an operation associating to every chain
context its chain-starting (shallow) context. To see the two as
contexts of the same term, we also need to provide the sub-term
that we will put in $C^{\bullet}_x$ (that will always be a variable). The
chain-starting context $C^{\bullet}_x$ associated to the chain context $C$
(with respect to $x$) is defined in Table VII.

For our example $C := (x_1A)[x_1{\leftarrow}x_2][x_2{\leftarrow}x_3][x_3{\leftarrow}\langle\cdot\rangle]$ we
have $C^{\bullet}_{x_4} = (\langle\cdot\rangle A)[x_1{\leftarrow}x_2][x_2{\leftarrow}x_3][x_3{\leftarrow}x_4]$, as expected.

Rewriting Rules: the rules of the Unchaining FBC are
in Table VII. Note that the exponential rule splits in two, the
ordinary shallow case $\multimap_{oes}$ (now constrained to values) and
the chain case $\multimap_{oec}$ (where the new definition plays a role).
They could be merged, but for the complexity analysis and
the relationship with the next machine it is better to distinguish
them. We use $\multimap_{oe}$ for $\multimap_{oes} \cup \multimap_{oec}$, and $\multimap_{of}$ for
$\multimap_{om} \cup \multimap_{oe}$. Note the use of $C^{\bullet}_x$ in the third side condition.

A. Linearity: Multiplicative vs Exponential Analysis 

To prove that $\multimap_{of}$ implements $\to_f$ with a global bound, and
thus with a linear overhead, we need to show that the global
number of exponential steps ($\multimap_{oe}$) in a $\multimap_{of}$-derivation is
bound by the number of multiplicative steps ($\multimap_{om}$). We need
the following invariant.

Lemma 7 (Subterm Invariant). Let $t$ be a $\lambda$-term and $d : t \multimap^* u$.
Then every value in $u$ is a value in $t$.

A substitution $t[x{\leftarrow}u]$ is basic if $u$ has the form $L\langle y\rangle$. The
basic size $|t|_b$ of $t$ is the number of its basic substitutions.

Lemma 8 (Steps and Basic Size).

1) If $t \multimap_{oes} u$ then $|u|_b = |t|_b$;

2) If $t \multimap_{oec} u$ then $|t|_b > 0$ and $|u|_b = |t|_b - 1$;

3) If $t \multimap_{om} u$ then $|u|_b = |t|_b$ or $|u|_b = |t|_b + 1$.

Lemma 9. Let $t$ be initial and $d : t \multimap_{of}^* u$. Then $|u|_b \le |d|_{om} - |d|_{oec}$.

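Proof: by induction on $|d|$. If $|d| = 0$ the statement holds.
If $|d| > 0$ consider the last step $w \multimap_{of} u$ of $d$ and the prefix
$e : t \multimap_{of}^* w$ of $d$. By i.h., $|w|_b \le |e|_{om} - |e|_{oec}$. Cases of
$w \multimap_{of} u$.

Shallow Exponential Step $\multimap_{oes}$ (using Lemma 8.1):

$|u|_b = |w|_b \le_{i.h.} |e|_{om} - |e|_{oec} = |d|_{om} - |d|_{oec}$

Chain Exponential Step $\multimap_{oec}$ (using Lemma 8.2):

$|u|_b = |w|_b - 1 \le_{i.h.} |e|_{om} - |e|_{oec} - 1 = |e|_{om} - (|e|_{oec} + 1) = |d|_{om} - |d|_{oec}$

Multiplicative Step $\multimap_{om}$ (using Lemma 8.3):

$|u|_b \le |w|_b + 1 \le_{i.h.} |e|_{om} - |e|_{oec} + 1 = |e|_{om} + 1 - |e|_{oec} = |d|_{om} - |d|_{oec}$ ■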

Corollary 2 (Linear Bound on Chain Exponential Steps). Let
$t$ be initial and $d : t \multimap_{of}^* u$. Then $|d|_{oec} \le |d|_{om}$.

Next, we bound shallow steps.

Lemma 10 (Linear Bound on Shallow Exponential Steps). Let
$t$ be initial and $d : t \multimap_{of}^* u$. Then $|d|_{oes} \le |d|_{om}$.

Proof: first note that if $t \multimap_{oes} u$ then $u \multimap_{om} w$, because
by definition $\multimap_{oes}$ can fire only if it creates a $\multimap_{om}$-redex.
Such a fact and determinism of $\multimap_{of}$ together imply $|d|_{oes} \le |d|_{om} + 1$,
because every $\multimap_{oes}$ step is matched by the eventual
$\multimap_{om}$ step that follows it immediately. However, note that in
$t$ there are no explicit substitutions so that the first step is
necessarily an unmatched $\multimap_{om}$ step. Thus $|d|_{oes} \le |d|_{om}$. ■

Theorem 11 (Linear Bound on Exponential Steps). Let $t$ be
initial and $d : t \multimap_{of}^* u$. Then $|d|_{oe} \le 2 \cdot |d|_{om}$.

Proof: by definition, $|d|_{oe} = |d|_{oec} + |d|_{oes}$. By Corollary 2,
$|d|_{oec} \le |d|_{om}$ and by Lemma 10, $|d|_{oes} \le |d|_{om}$, and so
$|d|_{oe} \le 2 \cdot |d|_{om}$. ■

We presented the interesting bit of the proof of our improved
high-level implementation theorem, which follows. The
remaining details are in the appendix.

Theorem 12 (Linear High-Level Implementation). $(\to_f, \multimap_{of})$
is a globally bounded high-level implementation system, and
so it has a linear overhead wrt

Last, the structural equivalence $\equiv$ is a strong bisimulation
also for the Unchaining FBC.

Proposition 5 ($\equiv$ is a Strong Bisimulation). Let $x \in$
{om, oms, omc}. Then, $t \equiv u$ and $t \multimap_x t'$ implies that there
exists $u'$ such that $u \multimap_x u'$ and $t' \equiv u'$.
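Table VIII

Transitions of the Unchaining GLAMoUr

Dump | Chain Heap | Code | Stack | Global Env | | Dump | Chain Heap | Code | Stack | Global Env
$D$ | $\epsilon$ | $tu$ | $\pi$ | $E$ | $\rightsquigarrow_{c_1}$ | $D : (t, \pi)$ | $\epsilon$ | $u$ | $\epsilon$ | $E$
$D$ | $\epsilon$ | $\lambda x.t$ | $\phi^l : \pi$ | $E$ | $\rightsquigarrow_{om}$ | $D$ | $\epsilon$ | $t$ | $\pi$ |
$D : (t, \pi)$ | $\epsilon$ | $\lambda x.u$ | $\epsilon$ | $E$ | $\rightsquigarrow_{c_2}$ | $D$ | $\epsilon$ | $t$ | $(\lambda x.u)^v : \pi$ | $E$
$D : (t, \pi)$ | $\epsilon$ | $a$ | $\pi'$ | $E$ | $\rightsquigarrow_{c_3}$ | $D$ | $\epsilon$ | $t$ | $(a, \pi')^A : \pi$ | $E$
$D : (t, \pi)$ | $\epsilon$ | $x$ | $\pi'$ | $E_1[x{\leftarrow}\phi^A]E_2$ | $\rightsquigarrow_{c_4}$ | $D$ | $\epsilon$ | $t$ | $(x, \pi')^A : \pi$ | $E_1[x{\leftarrow}\phi^A]E_2$
$D : (t, \pi)$ | $\epsilon$ | $x$ | $\epsilon$ | $E_1[x{\leftarrow}u^v]E_2$ | $\rightsquigarrow_{c_5}$ | $D$ | $\epsilon$ | $t$ | $x^v : \pi$ | $E_1[x{\leftarrow}u^v]E_2$
$D$ | $\epsilon$ | $x$ | $\phi^l : \pi$ | $E_1[x{\leftarrow}v^v]E_2$ | $\rightsquigarrow_{oes}$ | $D$ | $\epsilon$ | $v^\alpha$ | $\phi^l : \pi$ | $E_1[x{\leftarrow}v^v]E_2$
$D$ | $H$ | $x$ | $\phi^l : \pi$ | $E_1[x{\leftarrow}y^v]E_2$ | $\rightsquigarrow_{c_6}$ | $D$ | $H : x$ | $y$ | $\phi^l : \pi$ | $E_1[x{\leftarrow}y^v]E_2$
$D$ | $H : y$ | $x$ | $\phi^l : \pi$ | $E^\bullet$ | $\rightsquigarrow_{oec}$ | $D$ | $H$ | $y$ | $\phi^l : \pi$ | $E^\circ$

with $E^\bullet := E_1[x{\leftarrow}v^v]E_2[y{\leftarrow}x^v]E_3$, $E^\circ := E_1[x{\leftarrow}v^v]E_2[y{\leftarrow}(v^\alpha)^v]E_3$, and where $v^\alpha$ is any code $\alpha$-equivalent to $v$
that preserves well-naming of the machine.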


XIV. Unchaining GLAMoUr 

The Unchaining GLAMoUr machine, in Table VIII, behaves
like the GLAMoUr machine until the code is a variable $x_1$
that is hereditarily bound in the global environment to a value
via the chain $[x_1{\leftarrow}x_2]^v \ldots [x_n{\leftarrow}v]^v$. At this point the machine
needs to traverse the chain until it finds the final binding
$[x_n{\leftarrow}v]^v$, and then traverse again the chain in the opposite
direction replacing every $[x_i{\leftarrow}x_{i+1}]^v$ entry with

The forward traversal of the chain is implemented by a new 
commutative rule that pushes the variables encountered in 
the chain on a new machine component, called the chain heap. 
The backward traversal is driven by the next variable popped 
from the heap, and it is implemented by a new exponential 
rule (the chain exponential rule, corresponding to that of the 
calculus). Most of the analyses performed on the GLAMoUr 
machine carry over to the Unchaining GLAMoUr without 
modifications. 

Every old grammar is as before, and heaps are simply lists
of variables, i.e. they are defined by $H ::= \epsilon \mid H : x$.
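
The forward and backward traversals described above, as an added example (not code from the paper). It assumes a simplified model: the global environment is a dictionary, the chain heap is a list, and dump, stack, labels, the usefulness test and $\alpha$-renaming of the copied value are left out; all function names are hypothetical.

```python
"""Chain traversal with a chain heap (added example, simplified model).

Assumptions of this example: the global environment is a dict mapping a
variable to ("var", y) for an entry [x<-y] or to ("val", v) for [x<-v].
"""


def make_chain(n, value):
    """Build [x1<-x2]...[x(n-1)<-xn][xn<-value] as a dict (constructed input)."""
    env = {f"x{i}": ("var", f"x{i + 1}") for i in range(1, n)}
    env[f"x{n}"] = ("val", value)
    return env


def unchaining_lookup(env, x):
    """Resolve x with forward/backward chain traversal, updating env in place.

    Returns (value, forward_steps, backward_steps).
    """
    heap = []      # chain heap H: the variables met while going forward
    seen = set()   # guard against ill-formed (cyclic) environments
    code = x
    forward = 0
    # Forward traversal (new commutative rule): the code is bound to a
    # variable y, so push the code on the heap and continue with y.
    while True:
        if code not in env:
            raise KeyError(f"unbound variable {code}")
        if code in seen:
            raise ValueError(f"cyclic chain through {code}")
        seen.add(code)
        kind, payload = env[code]
        if kind == "val":
            break
        heap.append(code)
        code = payload
        forward += 1
    value = payload
    backward = 0
    # Backward traversal (chain exponential rule): pop y, whose entry is
    # [y<-code] with code now bound to the value, and rewrite it to [y<-value].
    while heap:
        y = heap.pop()
        assert env[y] == ("var", code)  # heap is compatible with the environment
        env[y] = ("val", value)
        code = y
        backward += 1
    return value, forward, backward


def naive_lookup(env, x):
    """Resolve x by walking the chain without updating any entry."""
    steps = 0
    kind, payload = env[x]
    while kind == "var":
        kind, payload = env[payload]
        steps += 1
    return payload, steps


def total_chain_steps(n, lookups, unchain):
    """Chain steps spent by `lookups` successive lookups of x1 in a chain of n entries."""
    env = make_chain(n, "v")
    total = 0
    for _ in range(lookups):
        if unchain:
            _, fwd, bwd = unchaining_lookup(env, "x1")
            total += fwd + bwd
        else:
            _, steps = naive_lookup(env, "x1")
            total += steps
    return total


if __name__ == "__main__":
    env = make_chain(4, "v")
    print(unchaining_lookup(env, "x1"), env)
    print(total_chain_steps(50, 50, unchain=False),
          total_chain_steps(50, 50, unchain=True))
```

After the first lookup every entry of the chain points directly to the value, so repeated lookups of `x1` cost no further chain steps, whereas the non-updating lookup pays the chain length every time.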

Decoding and Invariants: because of chain heaps and 
chain contexts, the decoding is involved. 

First of all, note that there is a correlation between the chain
and the environment, as the variables of a chain heap $H =
x_1 : \ldots : x_n$ need to have corresponding entries $[x_i{\leftarrow}x_{i+1}^v]$.

More precisely, we will show that the following notion of 
compatibility is an invariant of the machine. 

Definition 7 (Compatibility Heap-Environment). Let $E$ be an
environment and $H = x_1 : \ldots : x_n$ be a heap. We say that $H$

is compatible with E if either H is empty or {xi^x\_^^ C E 
for i < n, C E, and C E for some (f". 

Given a state $s = (D, H, t, \pi, E)$, the dump, the stack and
the environment provide a shallow context Sg ■= {D.{e})M. 
that will be shown to be evaluable, as for the GLAMoUr. 

If the chain heap $H$ is not empty, the current code $t$ is
somewhere in the middle of a chain inside the environment,
and it is not apt to fill the state context $S_s$. The right code is
the variable $x_1$ starting the chain heap $H = x_1 : \ldots : x_n$, i.e.:

t := t t := Xi 

Finally, a state decodes to a term as follows: s := Sg(f^). 


Lemma 11 (Unchaining GLAMoUr Invariants). Let s = 
(D, E) be a state reachable from an initial code t. 

1) Closure: $s$ is closed and $s$ is well named;

2) Value: values in components of $s$ are sub-terms of $t$;

3) Fireball.' is a fireball (of kind 1) for every code t in 
TT and E; 

4) Evaluability.' ^ I2Xe’ —\-e’ evaluable cont.; 

5) Environment Size: the length of the global environment
$E$ is bound by $|\rho|_m$.

6) Compatible Heap: if $H \neq \epsilon$ then the stack is not empty,
$u = x$, and $H$ is compatible with $E$.

We need additional decodings to retrieve the chain-starting
context $C^{\bullet}_x$ in the side-condition of the $\multimap_{oec}$ rule, that,
unsurprisingly, is given by the chain heap. Let $s = (D, H :
y, t, \pi, E)$ be a state s.t. $H : y$ is compatible with $E$. Note
that compatibility gives $E = E_1[y{\leftarrow}t^v]E_2$. Define the chain
context $C_s$ and the substitution context $L_s$ as:

a := Lg := ^ 

The first point of the following lemma guarantees that $C_s$
and $L_s$ are well defined. The second point proves that filling
$L_s\langle C_s\rangle$ with the current term gives exactly the decoding of the
state s = Sg{y^), and that moreover the chain starts exactly
on the evaluable context given by the state, i.e. that Sg =
Lg{K^).

Lemma 12 (Heaps and Contexts). Let $s = (D, H : y, x, \pi, E)$
be a state s.t. $H : y$ is compatible with $E$. Then:

1) $L_s$ is a substitution context and $C_s$ is a chain context

2) s. t. s = Sg{y^) = Lg{Cg{x)) with Sg = Lg{tf^) 

We can now sum up. 

Theorem 13 (Unchaining GLAMoUr Distillation). 
(Unchaining GLAMoUr,—Oai,=,_:f) is a reflective explicit 
distillery. In particular, let s be a reachable state: 

1) Commutative.' if s 23456 §. = 

2) Multiplicative.' if s s' then s —Oom= s^' 

3) Shallow Exponential.' if s -^oes s' then s —Ooes s^ 

4) Chain Exponential.' if s -^oec s' then s —Ooec 

A. Bilinearity: Principal vs Commutative Analysis

Bilinearity wrt $\rightsquigarrow_{c_{1,2,3,4,5}}$ is identical to that of the GLAMoUr,
thus we omit it and focus on $\rightsquigarrow_{c_6}$.
The size $|H|$ of a chain heap is its length as a list.

Lemma 13 (Linearity of $\rightsquigarrow_{c_6}$). Let $s = (D, H, t, \pi, E)$ be a
state reached by an execution $\rho$. Then

1) $|\rho|_{c_6} = |H| + |\rho|_{oec}$

2) $|H| \le |\rho|_m$.

3) $|\rho|_{c_6} \le |\rho|_m + |\rho|_{oec} = O(|\rho|_p)$.

Proof: 1) By induction over $|\rho|$ and analysis of the
last machine transition. The $\rightsquigarrow_{c_6}$ steps increment the size
of the heap. The $\rightsquigarrow_{oec}$ steps decrement it. All other steps
do not change the heap. 2) By the compatible heap invariant
(Lemma 11.6), $|H| \le |E|$. By the environment size invariant
(Lemma 11.5), $|E| \le |\rho|_m$. Then $|H| \le |\rho|_m$. 3) Plugging
Point 2 into Point 1. ■

Corollary 3 (Bilinearity of $\rightsquigarrow_c$). Let $s$ be a state reached by
an execution $\rho$ of initial code $t$. Then $|\rho|_c \le (1 + |\rho|_e)|t| +
|\rho|_m + |\rho|_{oec} = O((1 + |\rho|_p) \cdot |t|)$.

Finally, we obtain the main result of the paper. 

Theorem 14 (Useful Implementation).

1) Low-Level Bilinear Implementation: a $\multimap_{of}$-derivation
$d$ is implementable on RAM in $O((1 + |d|) \cdot |t|)$ steps.

2) Low + High Bilinear Implementation: a $\to_f$-derivation
$d$ is implementable on RAM in $O((1 + |d|) \cdot |t|)$ steps.

Let us conclude with a remark. For our results to hold,
the output of the computation has to be given in compact
form, i.e. with ES. The unfolding of a term $t$ with ES may
have size exponential in the size of $t$. It is important to show,
then, that the common operations on $\lambda$-terms, and in particular
equality checking (up to $\alpha$-conversion), can be implemented
efficiently on the shared representation, avoiding unfolding.
In other words, we want to prove that ES are succinct data
structures, in the sense of Jacobson 13^ . 

Despite quadratic and quasi-linear recent algorithms 0, 
E?) for testing equality of terms with ES, we discovered 
that a linear algorithm can be obtained slightly modifying 
an algorithm already known quite some time before (1976!): 
the Paterson-Wegman linear unification algorithm ll3^ (better 
explained in 13^ ). The algorithm works on first order terms 
represented as DAGs, and unification boils down to equality 
checking when no metavariable occurs in the involved terms. 

To apply the Paterson-Wegman algorithm, we need to overcome
two difficulties. The first one is that ES implement
sharing explicitly: to represent the term $tt$ sharing the two
occurrences of $t$ we need to introduce a variable and an ES,
obtaining $xx[x{\leftarrow}t]$. On the contrary, the input to Paterson-Wegman
should be a DAG where the application node points
directly twice to the root of $t$. The required change in representation
can be easily computed in linear time in the size of
the input. The second difficulty is that Paterson-Wegman works
on first-order terms, while we want to consider $\alpha$-conversion.
If we assume that occurrences of $\lambda$-bound variables point to
their binder, two variables are $\alpha$-equivalent when they point
to nodes that have already been determined to be candidates
for equality. The details of the adaptation of Paterson-Wegman
are left to a forthcoming publication.
Appendix A

Proofs Omitted From Sect.ITvI 
(The Fireball Calculus) 

The following lemmas are required to prove Theorem 1.

Lemma 14. Let $t$ be a closed $\to_f$-normal term. Then $t$ is a
fireball.

Proof: by induction on $t$. Cases:

1) Variable. Impossible, because $t$ is closed.

2) Symbol and Abstraction. Then $t$ is a fireball.

3) Application. Then $t = uw$, with $u$ and $w$ both closed and
$\to_f$-normal. By i.h. they are both fireballs. Moreover, $u$
cannot be a value, otherwise $t$ would not be $\to_f$-normal.
Then it is an inert and $t$ is a fireball. ■

Lemma 15. Let $t$ be an inert or a fireball. Then $t$ is $\to_f$-normal.

Proof: by induction on $t$. If $t$ is a value $v$ or a symbol $a$
then it is $\to_f$-normal. Otherwise $t = Af$ and by i.h. both $A$
and $f$ are $\to_f$-normal. Since $A$ cannot be an abstraction, $t$ is
$\to_f$-normal. ■

Lemma 16 (Determinism of $\to_f$). Let $t$ be a term. Then $t$ has
at most one $\to_f$-redex.

Proof: by induction on $t$. Cases:

1) Variable, Symbol, or Abstraction. No redexes.

2) Application $t = uw$. By i.h., there are two cases for $w$:

a) $w$ has exactly one redex. Then $t$ has a $\to_f$-redex,
because $u\langle\cdot\rangle$ is an evaluation context. Moreover,
no $\to_f$-redex for $t$ can lie in $u$, because by
Lemma 15 $w$ is not a fireball, and so $\langle\cdot\rangle w$ is not
an evaluation context.

b) $w$ has no redexes. If $w$ is not a fireball then $t$
has no redexes, because $\langle\cdot\rangle w$ is not an evaluation
context. If $w$ is a fireball we look at $u$. By i.h.,
there are two cases:

i) $u$ has exactly one redex. Then $t$ has a $\to_f$-redex,
because $\langle\cdot\rangle w$ is an evaluation context and
$w$ is a fireball. Uniqueness comes from the fact
that $w$ has no $\to_f$-redexes.

ii) $u$ has no $\to_f$-redexes. If $u$ is not a fireball (and
thus not a value) then $t$ has no redexes. If $u$ is
a fireball there are two cases:

• $u$ is an inert $A$. Then $t$ is a fireball.

• $u$ is a value $\lambda x.r$. Then $t = (\lambda x.r)w$ is a
$\to_f$-redex, because $w$ is a fireball. Moreover,
there are no other $\to_f$-redexes, because evaluation
does not go under abstractions and $w$
is a fireball. ■

Proof of Theorem 1 (page 4)

Proof: by Lemma 16 and Lemma 14. ■
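The following easy properties of substitution will be needed
later.

Lemma 17.

1) Substitutions Commute:
$t\{x{\leftarrow}u\}\{y{\leftarrow}w\} = t\{y{\leftarrow}w\}\{x{\leftarrow}u\{y{\leftarrow}w\}\}$;

2) Fireballs are Stable by Substitution:

a) If $u$ is an inert then $u\{x{\leftarrow}t\}$ is an inert, and

b) if $u$ is a fireball then $u\{x{\leftarrow}t\}$ is a fireball.

3) $\to_f$ and Substitution Commute: if $F\langle t\rangle \to_f F\langle u\rangle$
with $t \mapsto_f u$ then $F\langle t\rangle\{x{\leftarrow}w\} \to_f F\langle u\rangle\{x{\leftarrow}w\}$ with
$t\{x{\leftarrow}w\} \mapsto_f$

Proof:

1) By induction on $t$.

2) By induction on $u$.

a) $u$ is an inert. Cases:

i) If $u = a$ then $u\{x{\leftarrow}t\} = a\{x{\leftarrow}t\} = a$ is an
inert.

ii) If $u = L'\langle A\rangle L''\langle f\rangle$ then by i.h. $L'\langle A\rangle\{x{\leftarrow}t\}$
is an inert and $L''\langle f\rangle\{x{\leftarrow}t\}$ is a fireball,
and so $u\{x{\leftarrow}t\} = (L'\langle A\rangle L''\langle f\rangle)\{x{\leftarrow}t\} =
L'\langle A\rangle\{x{\leftarrow}t\}L''\langle f\rangle\{x{\leftarrow}t\}$ is an inert.

b) $u$ is a fireball. Cases:

i) $u$ is a value $\lambda x.w$. Then $u\{x{\leftarrow}t\} =
\lambda x.w\{x{\leftarrow}t\}$, which is a value, i.e. a fireball.

ii) $u$ is an inert $A$. Then by Point 2a $u\{x{\leftarrow}t\}$ is an
inert, i.e. a fireball.

3) By induction on $F$. Cases:

a) Empty context $F = \langle\cdot\rangle$. If $t = (\lambda y.r)f \mapsto_f
r\{y{\leftarrow}f\} = u$ then

$t\{x{\leftarrow}w\}$ $=$
$((\lambda y.r)f)\{x{\leftarrow}w\}$ $=$ (def. of
$(\lambda y.r\{x{\leftarrow}w\})f\{x{\leftarrow}w\}$ $\to_f$
$r\{x{\leftarrow}w\}\{y{\leftarrow}f\{x{\leftarrow}w\}\}$ $=$ (Point 1)
$r\{y{\leftarrow}f\}\{x{\leftarrow}w\}$ $=$
$u\{x{\leftarrow}w\}$

b) Application Right $F = rF'$. Then

$F\langle t\rangle\{x{\leftarrow}w\}$ $=$
$(rF'\langle t\rangle)\{x{\leftarrow}w\}$ $=$
$r\{x{\leftarrow}w\}F'\langle t\rangle\{x{\leftarrow}w\}$ $\to_f$ (i.h.)
$r\{x{\leftarrow}w\}F'\langle u\rangle\{x{\leftarrow}w\}$ $=$
$(rF'\langle u\rangle)\{x{\leftarrow}w\}$ $=$
$F\langle u\rangle\{x{\leftarrow}w\}$

c) Application Left $F = F'f$. Then

$F\langle t\rangle\{x{\leftarrow}w\}$ $=$
$(F'\langle t\rangle f)\{x{\leftarrow}w\}$ $=$
$F'\langle t\rangle\{x{\leftarrow}w\}f\{x{\leftarrow}w\}$ $\to_f$ (i.h. & Point 2b)
$F'\langle u\rangle\{x{\leftarrow}w\}f\{x{\leftarrow}w\}$ $=$
$(F'\langle u\rangle f)\{x{\leftarrow}w\}$ $=$
$F\langle u\rangle\{x{\leftarrow}w\}$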


Appendix B 

Proofs Omitted From Sect.IvTI 
(Fireballs and Explicit Substitutions) 

A. Closed Normal Forms and Determinism 

The first step is to identify the reduction invariants, the most 
important one being the shape of terms—called proper —that 
are produced by the strategy starting with a term without 
ES. 

Definition 8 (Proper Term). A term $t$ is proper if

1) ES: any explicit substitution in $t$ contains an answer,
and

2) Value: any value in $t$ does not contain ES.

We also say that an ES is proper when it contains a proper
answer.

Note that initial terms (having no ES) are proper and so 
the next lemma applies in particular when the starting term is 
initial. 

Lemma 18 (Proper Invariant). Let $t$ be a proper term. If $t \multimap_f^* u$
then $u$ is proper.

Proof: by induction on the length $k$ of the derivation
$t \multimap_f^* u$. If $k = 0$ the statement is just the hypothesis.

Otherwise $t \multimap_f^* w \multimap_f u$ and by i.h. $w$ is proper.

Note that 1) multiplicative steps create proper ES, and 2)
exponential steps copy proper fireballs only out of values and
ES, preserving properness. ■

We now characterize normal forms: the next three lemmas 
conclude that normal terms are answers, and that answers are 
fireballs up to unfolding. 

Point 2.a of the next statement is given with respect to 
unfolding relative with shallow context (defined in Sect. |I3 
page 0 because it will be used in this more general form in 
later sections. 

Lemma 19 (Properties of Answers). Let $t = L\langle u\rangle$. Answers
are $\multimap_f$-normal, do not decompose as $F\langle x\rangle$, and (relatively)
unfold to fireballs. More precisely,

1) If $u$ is an inert or a fireball then $t$ is $\multimap_f$-normal and it
does not decompose as $F\langle x\rangle$,

2) Moreover,

a) If $u$ is an inert then is an inert,
b) If $u$ is a fireball then is a fireball

Proof: by induction on L. Cases: 

• Empty List {■). By induction on u. 

1) M is a inert. Cases: 

a) u is a symbol a. Then it is normal and clearly 
does not decompose as F{x). Moreover, tfg = 

is a inert. 

b) $u$ is an inert $L'\langle A\rangle L''\langle f\rangle$. Then by i.h. both
$L'\langle A\rangle$ and $L''\langle f\rangle$ are normal. Since $A$ cannot
be an abstraction, the topmost application
cannot be a $\multimap_m$-redex, and so $u$ is normal.
For each of $L'\langle A\rangle$ and $L''\langle f\rangle$ i.h. gives that
it does not decompose as $F\langle x\rangle$. Then $u$ does
not decompose either. Moreover, by i.h. L'{A) 
is a inert and is a fireball, and so 

^4 =Ll30lI]^'(^)i^"(/)4 ^ 

2) u is a fireball. Cases: 

a) u is a value Xx.w. Then it is normal and does 
not decompose as F{x). Moreover, = 2 ,|;^()|i| 

which is a value, i.e. a fireball. 

b) u is a inert A. Given by the i.h.. 

• Non-Empty List L = L'[x<-w]. By i.h., L'{u) is normal 
and cannot be decomposed as F{x), and so there cannot 
be redexes involving [x<^w\. Thus t is normal. 

For the absence of a decomposition, note that—apart from 
the trivial decomposition {L{u)), that is not of the form 
F{x) —every decomposition of L{u) is obtained from 
a decomposition of L'{u) by appending [x<^w\, and so 
L{u) does not decompose as F{x). 

For the moreover part, by i.h. L'{u) verifies the state¬ 
ment for no matter which shallow context. Then tfg = 
L'{u)[x^w]l^ also verifies the 

statement. ■ 

Lemma 20 (Normal Form Characterization). Let $t$ be a
normal term.

1) Either $t$ is an answer,

2) or $t = F\langle x\rangle$.

Proof: by induction on $t$. Cases:

1) Variable $t = x$. Here Point 2 holds, while evidently
Point 1 is false.

2) Symbol $t = a$. Here Point 1 holds, and Point 2 is false.

3) Abstraction $t = \lambda x.u$. Here Point 1 holds, and Point 2
is false.

4) Application $t = uw$. By i.h. we are in one of the
following two cases for the right sub-term $w$:

a) Point 1 holds but not Point 2. By Lemma 19 $w$
is normal. Note that $\langle\cdot\rangle w$ is an evaluation context.
The i.h. gives one of the following two cases for
the left sub-term $u$:

i) Point 1 holds but not Point 2. Given that both
$u$ and $w$ do not satisfy Point 2, neither does $t$.
Being an answer, $w$ has the form $L\langle f\rangle$. Two
cases:

A) $f$ is an inert $A$. Then $t = L\langle A\rangle w$ is the
application of an inert to an answer, which is
an inert, i.e. an answer, and Point 1 holds.

B) $f$ is a value. Then $t$ is a redex, absurd.

ii) Point 2 holds but not Point 1. Then Point 2
holds for $t$, because $\langle\cdot\rangle w$ is an evaluation context.
Since $u$ is not an inert, $t$ is not an answer, and
Point 1 does not hold.

b) Point 2 holds but not Point 1. Then Point 2 holds
for $t$, because $u\langle\cdot\rangle$ is an evaluation context, and
Point 1 does not, because $w$ is not an answer.

5) Substitution $t = u[x{\leftarrow}w]$. Since $\langle\cdot\rangle[x{\leftarrow}w]$ is an evaluation
context we can apply the i.h., and fall into one of
the two following cases:

a) Point 1 holds but not Point 2. Then $t$ is an answer,
i.e. Point 1 holds. Note that since any non-empty
evaluation context for $t$ comes from an evaluation
context for $u$, Point 2 holds for $t$ iff it holds for $u$,
i.e. it does not.

b) Point 2 holds but not Point 1. Then $u = F'\langle y\rangle$ and
we conclude taking $F := F'[x{\leftarrow}w]$. Note that it
may be that $x = y$, but in that case $w$ is not an
answer (otherwise there would be a redex). There
is no contradiction, because we are not assuming
$t$ to be proper (case in which one necessarily has
$x \neq y$). ■

Corollary 4. Let $t$ be a closed proper $\multimap_f$-normal term. Then
$t$ is an answer and $t{\downarrow}$ is $\to_f$-normal.

Proof: if $t$ is $\multimap_f$-normal then by Lemma 20 either $t$ is
an answer or it has the form $F\langle x\rangle$. Suppose that it has the
form $F\langle x\rangle$. Since $t$ is closed, $F$ has a substitution on $x$, and
since $t$ is proper, that substitution contains an answer. Then $t$
has a $\multimap_e$-redex, absurd. Then $t$ is an answer. By Lemma 19
$t{\downarrow}$ is a fireball. By Lemma 15 $t{\downarrow}$ is $\to_f$-normal. ■

In order to prove determinism of the calculus, we need the 
notion of position and a final property of answers. 

The position of a multiplicative redex is the context $F$
in which the rule takes place, and this is standard. The
position of an exponential redex $F'\langle F\langle x\rangle[x{\leftarrow}L\langle f\rangle]\rangle \multimap_e
F'\langle L\langle F\langle f\rangle[x{\leftarrow}f]\rangle\rangle$ is the context around the substituted variable,
i.e. $F'\langle F[x{\leftarrow}L\langle f\rangle]\rangle$.

Given a term $t$, a redex is contained in a sub-term $u$ if
the whole rewriting pattern is contained in $u$. An exponential
redex is partially contained in $u$ if $u$ contains the substituted
variable (and then the position of the redex) but not the acting
substitution.

Lemma 21 (Answers do not (Partially) Contain Redexes). Let
$t = F\langle u\rangle$ be a term with $u$ an answer. Then no redex of $t$ can
have its position in $u$.

Proof: by Lemma 19 $u$ is $\multimap_f$-normal and so no
redex of $t$ can have its position in $u$. Moreover, $u$ is not of
the form $F\langle y\rangle$ and so no $\multimap_e$-redex of $t$ can be entirely nor
partially contained in $u$. ■

Lemma 22 (Determinism). Let $t$ be a term and $F_1$ and $F_2$
the positions of two redexes in $t$. Then $F_1 = F_2$.

Proof: let $t = F_1\langle u\rangle$. By induction on $F_1$. Cases:

1) Empty $F_1 = \langle\cdot\rangle$. Cases:

a) Multiplicative Redex, i.e. $t = L\langle\lambda x.r\rangle q$ with $q$ an
answer. By Lemma 21 $F_2$ cannot lie in $L\langle\lambda x.r\rangle$
nor in $q$. Then necessarily $F_2 = F_1 = \langle\cdot\rangle$.

b) Exponential Redex. This case is impossible because
the position of an exponential redex is the context
around the substituted variable and if $F_1 = \langle\cdot\rangle$ then
$t = x$ and there is no substitution acting on $x$.


2) Right Application Fi = rF[ and t = rFl{u). By 

Lemma [21] (u) is not an answer and so F 2 does not 

lie in r, nor F 2 can be empty (i.e. t = rF[{u) cannot 
be a ^m-redex). Then, F 2 — uF^, and the statement 
follows from the i.h. applied to and F^. 

3) Left Application Fi = F{L(/) and and t = F[{u)L{f). 
By Lemma 1271 F 2 does not lie in L{f). And F 2 cannot 
be empty (i.e. the position of a ^m-redex), because then 
F[{u) would have the form L{Xx.p), i.e. it would be an 
answer, and so by Lemma |2T| no redex positions can lie 
in F[{u), against the hypothesis of the case. Then, F 2 = 
F 2 W, and the statement follows from the i.h. applied to 
F{ and F^. 

4) Substitution Fi = Then necessarily F 2 = 

F 2 (remember the position of a ^g-redex is given 

by the context around the substituted variable, and not by 
the one around the acting substitution) and the statement 
follows from the i.h.. ■ 

Corollary 5. Let $t$ be a proper closed term. Then either $t$
contains exactly one $\multimap_f$-redex, or $t$ is an answer.

Proof: by Lemma 22 $t$ contains at most one redex. If it
contains no redexes, then by Corollary 4 it is an answer. ■

B. Structural Equivalence 

The aim is to prove the strong bisimulation of structural 
equivalence, whose proof relies on the next lemma. 

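Lemma 23. The equivalence relation $\equiv$ preserves the
“shapes” of $L\langle f\rangle$ and $F\langle x\rangle$. Formally:

1) If $L\langle f\rangle \equiv t$, then $t$ is of the form $L'\langle g\rangle$.

2) If $F\langle x\rangle \equiv t$, with $x$ not bound by $F$, then $t$ is of the
form $F'\langle x\rangle$, with $x$ not bound by $F'$.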

Proof: 

1) By induction on L. 

2) By induction on F. 

■ 

Now, we are ready for the bisimulation property. 

Proof of Proposition 2 (page 6) 

Proof: 

Let ^ be the symmetric closure of the union of the axioms 
defining =, i.e. of =com U =@; U =@r U =[.]. Note that = 
is the reflexive-transitive closure of The proof is in two 
parts: 

(I) Prove the property holds for i.e. if t -^a u and 
t ^ w, there exists r s.t. w —Oa r and u = r. 

(II) Prove the property holds for = (i.e. for many steps 
of ^) by resorting to (I). 

The proof of (II) is immediate by induction on the number of 
steps. The proof of (I) goes by induction on the rewriting 
step —0 (that, since ^ is closed by evaluation contexts, 
becomes a proof by induction on the evaluation context F). In 
principle, we should always consider the two directions of 
Most of the time, however, one direction is obtained by simply 


reading the diagram of the other direction bottom-up, instead 
than top-down; these cases are simply omitted, we distinguish 
the two directions only when it is relevant. 

The proof of the strong bisimulation property is by induction 
on 

1) Base case 1: multiplicative root step t = 

L(lx.t')L'{f) u = L{t'[x<^L'(f)]). The nontrivial 
cases are when the ^ step overlaps the pattern of the m- 
redex. Note that by Lemma l23lll if the ^ is internal to 
L'{f), the proof is direct, since the m-redex is preserved. 
More precisely, if L'{f) ^ L"(g), we have: 

L{lx.t')L'{f) -^-o L{t'[x^L'{f)]) 

1;;^ 

L{lx.t')L"{g) - •----oL{t'[x^L"{g)\) 

Consider the remaining possibilities for 
a) Commutation of independent substitutions =com- 
The commutation of substitutions must be in L, 
i.e. L must be of the form Li{L2[y^u'][z^w']) 
with 2 : ^ fv(u'). Let L := Li{L2[z^w'][y^u']). 
Then: 


L{lx.t')L'{f) - 

- 0 L{t'[x^L'{f)]) 

—com 

L{lx.t')L'{f) - 

—com 

-----oL{t'[x^L'{f)]) 


b) Commutation with the left of an application =@i- 
The diagram is: 

L{lx.P)[y^q] L'{f) -"-o L{t'[x^L’{f)])[y^q] 

=@ = 

{L{lx.t') L'{f))[y^q\ L{t'[x^L'{f)\)[y^q\ 

c) Commutation with the right of an application =@r- 
The diagram is: 

L(lx.t'} L'(f}[y^q] -^-o L(t'lx^L'(f}ly^q]]} 

=[■] 

L(t'lx^L'(f}]ly^q]} 

_ * 

—com 

(L(lx.t'} L'(f})ly^q] - - - - o L(t'lx^L'(f}]}ly^q] 

d) Composition of substitutions =[.]. The composition 
of substitutions must be in L, i.e. L must be of the 
form Li{L2[y‘^u'][z<^w'\) with z ^ fv(L2{lx.t')). 
Let L := Li{L2[y^u'[z<^w']]). Then: 

L{lx.t')L'(f) -^-o L(t'[x^L'{f)]) 

=[•] =[•] 
L{lx.t')L'{f) - -----oL{t'[x^L'{f)\) 

2) Base case 2: exponential root step 

t = F{x)[x^L{f)] i-j-e u = L(F(/)[x<-/]). Consider 
first the case when the ^-redex is internal to F{x).
By Lemma I23I2I we know ^ preserves the shape of 
F{x), i.e. F{x) ^ F{x). Then; 

F{x)[x^L{J)\ -^-o L{F{f)[x^f\) 

^ = 
F{x)[x^L{f)] - -----oL{F{f)[x^f]) 

If the ^-redex is internal to one of the substitutions 
in L, the proof is similarly straightforward. Note that 
the ^-redex has always a substitution at the root. The 
remaining possibilities are that such a substitution is in 
L and it interact with constructors outside L, or that it 
is precisely [x'f-L(/)]. Axiom by axiom: 

a) Commutation of independent substitutions =com- 
The case where both commuted substitutions be¬ 
long to L has already been treated. The remaining 
possibility is that F — F'[y^t'] and [x<-L(/)] 
commutes with [y-<^t'] (which implies x ^ fv(f')). 
Then: 

F'{x)[y^t'][x^L{f)] -^-o L{F'{f)[y^t'][x^f]) 

—com =* _ 

—com 

F'{x)[x^L{f)][y^t'] - - - -1 - - o L{F'{f)[x^f])[y^t'] 

b) Commutation with the left of an application 
=m- The only possibility is that the substitution 
[x'!-L(/)] is commuted with the outermost appli¬ 
cation in F{x), i.e. F = F'L'(g). Then, 

iF'{x)L'{g))[x^L{f)] -^-o L{{F'{f) L'{g))[x^f]) 


rule is applied from left to right, since it would 
imply that F{x) = F' {x)[y^t'] with x ^ F'{x), 
which is a contradiction. 

Finally, if the =[.] rule is applied from right to left, 
L is of the form L'[y<-t'] and: 

F{x)[x^L'{f)[y^t']] -^-o L'{F{f)[x^f])[y^t'] 

=[■] 

F{x)[x^L'{f)][y^t'] -- - - <3 L'{F{x)[x^f])[y^t'] 

3) Inductive case 1: left of an application F = F'L{f). 
The situation is; 

t = F'{t')L{f)^wL{f)=u 

for some w. If the ^ step is internal to F'{t'), the 
result follows by i.h., and if it is internal to L{f), it is 
straightforward to close the diagram by resorting to the 
fact that = preserves the shape of L{f) (Lemma |2^ . 
The nontrivial case is when the ^ step overlaps F'{t') 
and L{f). There are two cases: 

a) The substitution comes from t'. That is, F' = (•) 
and t' has a substitution at its root. Then t' must 
be a I—3-e-redex t' = V"{x)[x-^L{f)]. The diagram 
then is the same as in case |2b] reading it bottom- 
up. 

b) The substitution comes from F'. That is: F' = 
V"\x-^r] and the rewriting step is internal to 
V"{t'), reducing it to w', i.e. w = w'[x^r\. The 
proof is then straightforward; 

V''{t')[x^r] L{f) -o w'[x^r] L{f) 


=@i 

L{F'{f)[x^f]L'{g)) 

—m 

F'{x)[x^L{f)]L'{g) ------- -o L{F'{f)[x^f])L'{g) 

The step is justified by the fact that in the 
source term {F'{x) L'{g))[x^L{f)] the context L 
is only around f, and so it cannot capture variables 
in L'(g). 

c) Commutation with the right of an application =@r- 
similarly to the previous case 

(t'F'(x})[x^L(f}j -^-o L((t'F'(f})[x^f]} 

— @r 

=@r L(t'F'(f)lx^f]) 

t'F'(x}lx^L(f}] - °----o t'L(F'(f}[x^f]} 

The step is justified by the fact that in the 
source term {F'{x) L'(p))[x'f-L(/)] the context L 
is only around /, and so it cannot capture variables 
in t'. 

d) Composition of substitutions =[.]. The only possi¬ 
ble case is that [x<-L{f)] is the outermost substitu¬ 
tion composed by =[.]. This is not possible if the 


=m =@i 

{V''{t')L{f))[x^r] -o {w',L{f))[x<^r] 

c) The substitution comes from L. That is: L = 
L'[x'f-r]. Then 

F'{t') L'{f)[x^r] -o wL'{f)[x^r] 

— @r —@r 

{F'{t') L'{f))[x^r] -o {w, L'{f))[x^r] 

4) Inductive case 2: right of an application F = qF'. 
The situation is: 

t = qFft') ^ qr = u 

for some r. Reasoning as in the previous case (left of 
an application), if the ^ step is internal to F'{t'), the 
result follows by i.h., and it is immediate also if it is 
internal to q. 

The remaining possibility is that the ^ step overlaps 
with q or F'{t'). As in the previous case, this is only 
be possible because of a commutation with application 
rule. Cases: 

a) The substitution comes from t' . That is, F' = (•) 
and t' is a i—:>e-redex t' = V"{y)[y-^L' {f)\. The 


diagram then is the same as in case 123 reading it 
bottom-up. 

b) The substitution comes from F'. That is, F' = 
V"[x-^w'\. This case is then straightforward: 


qV" {t')[x^w'] 


-o qr[x^w'] 


—@r 


{qV"{t'))[x^w'] -O {qr)[x^w'] 

c) The substitution comes from q. That is, q = 
9 '[x'f-tu']. This case is straightforward: 


qfx^w'] F'{t') 


-O q'[x-<^w'] r 


=m =m 

{q' F'{t'))[x^w'] -o {q'r)[x^w'] 

5) Inductive case 3: left of a substitution F = F'[x<^q]. 
The situation is: 

t = F'{t')[x<^q] r[a;<-g] = u 

If the ^ step is internal to F'{t'), the result follows by 
i.h.. If it is internal to q, the steps are orthogonal, which 
makes the diagram trivial. The remaining possibility is 
that the substitution is involved in the ^ redex. 

By case analysis on the kind of the step =: 
a) Commutation of independent substitutions =com- 
Since F'{t') must have a substitution at the root, 
there are two possibilities: 

i) The substitution comes from t'. That is, F' = 
{■) and t' is a i->-e-redex t' = V"{y)[y^L{f)], 
with X ^ fv(L(/)). Then: 


-o L{V''{f)[y^f])[x^q] 




V"{y)[x^q][y^L{f)] - L{V''{f)[x^q][y^f]) 

ii) The substitution comes from F'. That is, F' = 
V"\y-^w'] with X ^ fsr{w'). This case is direct: 


V"{t')[y^w'][x^q] 


while the right case is case [3c] (again bottom- 
up). 

iii) The application comes from F' — q V". Sim¬ 
ilarly to the previous case, it reduces to cases 
l4b]andl43 

c) Composition of substitutions =[.]. Two sub-cases: 

i) The substitution comes from t'. That is, F' = 
{■) and t' is a i->-e-redex t' = V"{y)[y^L{f)], 
with X ^ fv(y"{y)). Then: 


-o L{V''{f)[y^f])[x^q] 


y"{y)[y^L{f)][x^q] 


y''{y)[y^L{f)[x^q]] - - - - L{V''{f)[y^f])[x^q] 

ii) The substitution comes from F'. That is, F' = 
V"[y^w'] with X ^ fv(F"(f')). Then: 


-o V"{u')[y^w'][x<^q] 


-O V"{u')[y^w'][x^q] 


V"{t')[x^q][y^w'] - - - - - o V{u')[x^q][y^w'] 

b) Commutation with application $\equiv_@$. $F'\langle t'\rangle$ must be 
an application. This allows for three possibilities: 
i) The application comes from $t'$. That is, $F' = \langle\cdot\rangle$ 
and $t'$ is a $\mapsto_m$-redex $t' = L\langle\lambda y.t''\rangle\,L'\langle f\rangle$. Two 
sub-cases, whether $[x{\leftarrow}q]$ commutes on the left 
or on the right of the application. The left case 
is case[T3 (read bottom-up), while the right case 
is case [13 (again bottom-up). 
ii) The application comes from $F' = F''\,L\langle w'\rangle$. 
There are two sub-cases, whether $[x{\leftarrow}q]$ commutes 
on the left or on the right of the application. 
The left case is case [23 (read bottom-up). 


V”{t')[y^w'][x^q] 


V''{t')[y^w'[x^q]] - oV"{u')[y^w'[x^q]] 


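A final lemma about the $\equiv$ relation will be useful later: 

Lemma 24 (ES Commute with Evaluation Contexts via $\equiv$). 
Let $S$ be a shallow context s.t. $x \notin fv(S)$ and $S$ does not 
capture the variables in $fv(u)$. Then $S\langle t[x{\leftarrow}u]\rangle \equiv S\langle t\rangle[x{\leftarrow}u]$. 

Proof: by induction on $S$. 

1) Empty Context $S = \langle\cdot\rangle$. Then $S\langle t\rangle[x{\leftarrow}u] = t[x{\leftarrow}u] = S\langle t[x{\leftarrow}u]\rangle$. 

2) Application Left $S = S'w$. Then 

$$\begin{array}{ll}
S\langle t[x{\leftarrow}u]\rangle & = \\
S'\langle t[x{\leftarrow}u]\rangle\,w & \equiv \text{ (by i.h.)} \\
S'\langle t\rangle[x{\leftarrow}u]\,w & \equiv_{@l} \\
(S'\langle t\rangle\,w)[x{\leftarrow}u] & = \\
S\langle t\rangle[x{\leftarrow}u]
\end{array}$$

3) Application Right $F = wF'$. Then 

$$\begin{array}{ll}
S\langle t[x{\leftarrow}u]\rangle & = \\
w\,S'\langle t[x{\leftarrow}u]\rangle & \equiv \text{ (by i.h.)} \\
w\,S'\langle t\rangle[x{\leftarrow}u] & \equiv_{@r} \\
(w\,S'\langle t\rangle)[x{\leftarrow}u] & = \\
S\langle t\rangle[x{\leftarrow}u]
\end{array}$$

4) Substitution $F = F'[y{\leftarrow}w]$. Then 

$$\begin{array}{ll}
S'\langle t[x{\leftarrow}u]\rangle[y{\leftarrow}w] & \equiv \text{ (by i.h.)} \\
S'\langle t\rangle[x{\leftarrow}u][y{\leftarrow}w] & \equiv_{com} \\
S'\langle t\rangle[y{\leftarrow}w][x{\leftarrow}u] & = \\
S\langle t\rangle[x{\leftarrow}u]
\end{array}$$

Note that $\equiv_{com}$ can be applied because of the hypotheses 
$x \notin fv(S)$ and $S$ does not capture the variables in $fv(u)$. 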
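The induction in the proof of Lemma 24 is effectively an algorithm that floats an ES out of a context one frame at a time. The Python sketch below is an added example, not code from the paper: the tuple encoding of contexts, the function names and the sample term are assumptions, terms are assumed well-named so that naive substitution is capture-free, and `unfold` uses the usual unfolding of ES, $t[x{\leftarrow}u]{\downarrow} = t{\downarrow}\{x{\leftarrow}u{\downarrow}\}$.

```python
from dataclasses import dataclass

# Terms with explicit substitutions (ES). Free names double as symbols.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

@dataclass(frozen=True)
class Lam:
    var: str
    body: object

@dataclass(frozen=True)
class ES:                      # body[var<-content]
    body: object
    var: str
    content: object

# Contexts: one constructor per case of the proof (hypothetical encoding).
HOLE = ("hole",)
def app_left(S, w):    return ("appL", S, w)     # S w
def app_right(w, S):   return ("appR", w, S)     # w S
def sub_left(S, y, w): return ("sub", S, y, w)   # S[y<-w]

def plug(S, t):
    """Fill the hole of context S with term t, i.e. compute S<t>."""
    if S[0] == "hole": return t
    if S[0] == "appL": return App(plug(S[1], t), S[2])
    if S[0] == "appR": return App(S[1], plug(S[2], t))
    return ES(plug(S[1], t), S[2], S[3])

def fv(t):
    """Free variables of a term."""
    if isinstance(t, Var): return {t.name}
    if isinstance(t, App): return fv(t.fun) | fv(t.arg)
    if isinstance(t, Lam): return fv(t.body) - {t.var}
    return (fv(t.body) - {t.var}) | fv(t.content)

def commute(S, t, x, u):
    """Rewrite S<t[x<-u]> into S<t>[x<-u] by the induction of Lemma 24.
    Returns the resulting term and the list of axioms used, innermost first.
    Raises ValueError when a hypothesis of the lemma fails."""
    if S[0] == "hole":
        return ES(t, x, u), []
    if S[0] in ("appL", "appR"):
        sub, w = (S[1], S[2]) if S[0] == "appL" else (S[2], S[1])
        inner, trace = commute(sub, t, x, u)          # i.h.: S'<t>[x<-u]
        if x in fv(w):
            raise ValueError(f"{x} is free in the context: x in fv(S)")
        if S[0] == "appL":                            # (S'<t>[x<-u]) w  -> @l
            return ES(App(inner.body, w), x, u), trace + ["@l"]
        return ES(App(w, inner.body), x, u), trace + ["@r"]
    inner, trace = commute(S[1], t, x, u)             # S = S'[y<-w]
    y, w = S[2], S[3]
    if y == x or x in fv(w):
        raise ValueError(f"{x} occurs in the context (well-naming / fv(S))")
    if y in fv(u):
        raise ValueError(f"context captures {y}, which is free in u")
    return ES(ES(inner.body, y, w), x, u), trace + ["com"]

def subst(t, x, s):
    """Naive substitution on ES-free terms (sound only for well-named terms)."""
    if isinstance(t, Var): return s if t.name == x else t
    if isinstance(t, App): return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, s))
    raise TypeError("unfolded terms contain no ES")

def unfold(t):
    """Unfolding: turn every ES into a meta-level substitution."""
    if isinstance(t, Var): return t
    if isinstance(t, App): return App(unfold(t.fun), unfold(t.arg))
    if isinstance(t, Lam): return Lam(t.var, unfold(t.body))
    return subst(unfold(t.body), t.var, unfold(t.content))

# Constructed sample: S = a (((.) b)[y<-c]), t = x y, u = \z.z
S_SAMPLE = app_right(Var("a"), sub_left(app_left(HOLE, Var("b")), "y", Var("c")))
T_SAMPLE = App(Var("x"), Var("y"))
U_SAMPLE = Lam("z", Var("z"))

def demo():
    """Return S<t[x<-u]>, the commuted term S<t>[x<-u], and the axiom trace."""
    before = plug(S_SAMPLE, ES(T_SAMPLE, "x", U_SAMPLE))
    after, trace = commute(S_SAMPLE, T_SAMPLE, "x", U_SAMPLE)
    return before, after, trace
```

On the sample, the three frames of the context are crossed with `@l`, `com` and `@r` in that order, and both sides unfold to the same ES-free term.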
Appendix C 

Proofs Omitted From Subsect. IVII-AI 
(High-Level Implementation) 

First, the High-Level Implementation Theorem. 

Proof of Theorem 3 (page 6) 

Proof: the proof is a minimal variation over the proof 
of Theorem 4.2, page 4, in IT]. Essentially we merged the 
trace and syntactic bound properties of that statement into our 
locally bound property. Note that for the global bound there 
is nothing to prove, it follows from the hypothesis itself 
and projection. ■ 

Now, we prove that $(\to_f, \multimap_f)$ is a high-level implementation 
system, i.e. Theorem 4. 

The normal form property required for high-level implementation 
system has already been proved (Theorem 2). It only 
remains to prove the projection property. 

Lemma 25 (Projection of a Rewriting Step). Let t = F{u) 
and F be an evaluation context. 

1) Multiplicative Projection.- if t —Om w then tf wj. 
More precisely, if F{u) —Om F{w) with u i-Am w then 
Pliuip) 

2) Exponential Projection.- if t w then tf = 


b) Application Left F = F'L{f). Then 
F'{u)L{f) — F'{w)L{f) with u H-m w. We 
have; 

F{u)i 

{F'{u)L{f))l = 

F'{u)iL{f)l (i.h.) 

F'iwmm = 

{F'{w)L{m = 

F{w)l 

Actually, the —step is justified by the i.h. and the 
fact that {■)L{f)f is an evaluation context because 
L{f)i. is a fireball (by Lemma [T9] l. The i.h. also 
gives ufp, I—J-f wfp,. To conclude note that ufp = 

ufp, j: ttfpi 'Utfp, wfp,j, 'Utfp- 

c) Application Right F = wF'. Follows from the i.h., 
along the lines of the previous case. 

d) Substitution F = F'[x^t\. Then F'{u)[x*^r\ 

with u H-m w. We have; 

F{u)i 

F'{u)f{x*^rf^ (i.h. and Lemma fTTI) 


Proof: 

1) By induction on F. Cases; 

a) Empty Context F = (•). Let t = L{lx.r)L'{f) i— 
L{r[x<-L'(f)]) = w. By induction on L. Two 
cases; 

i) Empty context L = (•). Then 

t = lx.rL'{f) !->•[„ r[x<-L'(/)] = w 


4 

{{lx.r)L'{f))i = 
{lx.r])L'{f)i 
r\{x‘^L'{f)\f = 

r[x^L'{f)]i = 

wf 


ii) Substitution L = L'[y-^q]. Then 
t = L{lx.r)[y^q]L'{f) H-m 
L{r[x^L'{f)])[y-<^q] = w. We have 


4 

{L{lx.r)[y^q]L'{f))l 

L{lx.r)[y^q]lL'{f)i 

L{lx.r)l{y^ql}L'{f)_l 

L{lx.r)lL'{f)i{y^ql\ 

{L{lx.r)L'{f))i{y^ql} 

L{r[x^L'{f)])l{y^ql} 

L{r[x^L'{f)])[y^q]l 

wf 


i-Af (i.h. 

and Lemma [TtTi 


The i.h. also gives ufp, i— wfp,. To conclude 
note that 


'^■If ~ 

ufp, {x-^rf} (Lemma [iTll 

= 

wiF'[x^r\ = 

Wfp 


2) We prove that if t H>e w then tf= u>4,for any evaluation 
context F. From Lemma I30I3I the statement follows. 
By induction on F. We have t — F'{x)[x-<^L{f)] i—;>e 
L{F'{f)[x^f]) = w. By induction on L. Two cases; 
a) Empty context L — {■). Then t = F'{x)[x^f] i—;>e 
F'{f)[x^f] = w 


4 

F'{x)[x^f]i 

F'{x)l{x^ff} 

F'l{xip,){x^ff} 

F'l{x){x^ff} 

F'lifM^^n} 

F'mp,){^^fi} 

F'imix^fi} 

F'{f)[x^f]i 

wf 


(by Lemma I30l61 l 


b) 


Substitution L = L'[y*^q\. Then t = 

F'{x)[x^L{f)[y^q]] H-e L{F'{f)[x^f])[y^q] = 
F'{x)[x^L{f)[y^q]]l 
F'{x)i{x^L{f)[y^q]J} 
F'{x)i{x^L{f)l{y^ql}} = 

F'{x)l{x^L{f)l}{y^q^ = 

F'{x)[x^L{f)]l{y^q^ = (by i.h.) 

L{F'{f)[x^f])l{y^ql} 
L{F'{f)[x^f])[y^q\l 
wl 


To prove that (—J'f,—°f) is a high-level implementation 
system we only have to put together the various results. 
Proof of Theorem 4 (page 6) 

Proof: immediate from Corollary |2 and Lemma ■ 


Appendix D 

Proofs Omitted From Subsect. IV1I-BI 
(Low-Level Implementation: Abstract Machines) 

Proof of Lemma 1 (page 7) 

Proof: straightforward induction on the length of 
t (—> U =)* u, using the strong bisimulation property. ■ 

Proof of Theorem 5 (page 7) 

Proof: the proof can be found in IfTSi (Theorems 4.2 and 
4.4) up to trivial modifications due to minor changes in the 
definition of distilleries and their properties. ■ 


Appendix E 

Proofs Omitted From Sect. IVIIH 
(An Inefficient Distillery: the GLAM Machine) 

The aim of this section is to prove Theorem [T] i.e. that 
(GLAM, —Of, is a reflective explicit distillery. 

Proof of Lemma 2 (page 9) 

Proof: by induction over the length of the execution. The 
base case holds because t is initial. The inductive step is by 
cases over the kind of transition. All the verifications are trivial 
inspections of the transition. ■ 

The first step to prove Theorem |7] is the distillation 
property. Note from the statement that the distillation is 
explicit (see Definition [^l. 


• Case 

{D,fu,Tr,E) = 

{D{{tu)n))E 
{D{miL){F))E = 


((f,7r) : 

D{{u)))E = 

((f,7r) : 

D{e{u)))E = 

((f,7r) : 

D,u,e,E) 

Case 


(77, Ixl, u : tt,E) 

= 

(D{u : 7r(lx.t)))E 

= 

{12.{K{i^-x.t)u)) 

(bv Lemma |2|3|4| 

{D{T^(t[x^u\))}E 

= (by Lemma I24ll 

(^((t)7r) [a:<-u])L 

= 

(i2((7)7L))[a;^u] : E 


(77, t, TT , [x<-tZ] : E) 



Note that the multiplicative step is justified by points [2 
and|4]of Lemma|2l for which u is a fireball and {12_{n))E 
is an evaluation context. Moreover, the = step holds 
because by Lemma l2in (well-namednessl x occurs only in 
t and so by Lemma |24] the substitution commutes 

with the environment 77 (tt) . 

• Case 

{(i,Tr) : D,lx.u, e, E) = 

((f, tt) : D{e{lx.u)))^ = 

{I2.{{tlx.u)Tf))E_ = 

(Dl lx.u : TT (t)))E = 

{D,t, lx.u : TT, E) 

• Case ^^C 3 - 

((f,7r) : D,a,TT',E) = 

( (f,7r) : D {Tf_{a)))E = 

{D{n{t{a)TT!_)))E = 

(i2( (a)4 : 7r {f)))L = 

{D, t, ( 0)4 : TT, E) 

• Case ^e: 

{D,x,tt,Ei[x^u]E2) = 

{I1{{x)ti))Ei[x<-u]E2 = 

{{11{{x)2l))Fi \x<^u])E 2 (by Lemma |2I3I4|) 

{{D{{u°‘)Tf))^[x^u])^ = 

{Hi{F°‘) k))E l [a;<-u] E2 = 

{D, vP,TT, El [x<^u\E 2 ) 

Note that the exponential step is justified by points [2 and 
|4] of Lemma |2 for which u is a fireball and L 2 and 
4 ( 72 ( 11 )) are evaluation contexts. ■ 


Lemma 26 (Explicit Distillation). Let s be a reachable state. 
Then: 

1) Commutative.- If s 23 ^' ^ = 4." 

2) Multiplicative.- If s s' then s -^m= si; 

3) Exponential.- If s ^->6 s' then s 4 

Proof: 


Next we prove progress. We first need to redefine the size of 
the machine state to ignore the new environment component: 

Definition 9. \{D,t,TT,E)\ := |f| + 

Lemma 27 (Termination), A terminating 

Proof: just reuse the proof of Corollary ??. ■ 
Lemma 28 (Determinism). The transition relation $\leadsto$ of the 
GLAM is deterministic. 

Proof: a simple inspection of the transitions shows no 
critical pairs. ■ 

Lemma 29 (Progress). If s is reachable, nfc(s) = s and 
s —Ox i with X G {sm, se}, then there exists s' such that 
s -^x s', i.e., s is not final. 

Proof: by Lemma |2^ and Lemma |26] it is sufficient to 
show that every reachable stuck state decodes to a normal 
form. The only stuck forms are: 

• {D, X, TT, E) where x is not defined in E. The state is not 
reachable because it would violate the Closure invariant 
(Lemma 1211b . 

• (e, lx.t, e, E) that decodes to (Ix.t)^, that by the contex¬ 
tual decoding invariant (Lemma |2Ilb is a normal form. 

• {e,a,TT,E) that decodes to {{a)’E)E_, that by the contex¬ 
tual decoding invariant (Lemma 1211b is a normal form. ■ 

Proof of Theorem 7 (page 9) 

Proof: it follows from Lemma |26] and Lemma ■ 

Appendix F 

Proofs Omitted From Sect.UxI 
(Interlude II: Relative Unfoldings) 

Proof of Lemma 3 (page 9) 

Proof: by induction on W. ■ 

Lemma 30 (Properties of Relative Unfoldings). Let t and u 
be terms and S be a shallow context. 

1) Commutation.- {Xx.t)fg = Xx.tf^, {tu)Xg = 

t[x^u]lg, = S'{a:^4}4, and = 

2) Freedom.- if S does not capture any free variable of t 
then 

3) Relativity.- if tf = uj, then 

4) Applicativity.- if S is applicative then is applicative. 

5) Splitting.- = ( 4 , 4 . 

6 ) Factorisation.- S'{t)X^ = particular 

S{t)i= Slitlg) and L{t)lg = 

Proof: Routine inductions on S' or S". ■ 

Appendix G 

Proofs Omitted From Sect.IxD 
(The Useful Fireball Calculus) 

Proof of Lemma 4 (page 11) 

Proof: 

1 ) By induction on the pair (number of ES in S,S)- Cases 
of S: 


a) Empty, i.e. S = {■). Then Sf = (•)4, = (•) is an 
evaluation context. 

b) Right Application, i.e. S — tS'. Then Sf = 

t^E is an evaluation context. 

c) Left Application, i.e. S = S't with tf a fireball f. 
Then Sf = S'4f4, =i.h. Ff is an evaluation context. 

d) Substitution, i.e. S = S'[a:<-f] with tf a fireball f 

and S'{a;^t4,} is evaluable. Note that the number 
of ES in S'{x<-f4,} is strictly smaller than the 
number of ES in S, because tf has no ES. Then 
by i.h. S'{x<-f4,}i evaluation context. Now, 
Si= S'[x^f 4 = =f.[^S'{x ^44 

which is an evaluation context. 

2) By induction on the pair (number of ES in S,S). Cases 
of S: 

a) Empty, i.e. S = {■). Directions 

i) =>, i.e. S is evaluable. Nothing to prove. 

ii) <:=. Then S is evaluable. 

b) Right Application, i.e. S = wS'". Note that S' 
cannot be empty, otherwise S = wS'" = S"u and 
S would have two holes. Then S' = wSa for some 
S 4 , and the statements follows from the i.h. applied 
to S'" and S' 4 - 

c) Left Application, i.e. S = S'"w. Directions: 

i) =>. Since S is evaluable, ruj, is a fireball, and 

S'" is evaluable. Note that either S' is empty, 
and then u = w and the statement holds 
because a fireball, or S' = S 4 W 

with S 4 s.t.—say— S'" = «S' 4 («S'"[x-s-u]). Now, 
note that ufg, = and the 

statement follows by the i.h. applied to S'". 

ii) <;=. By taking S' := (•), the hypothesis be¬ 
comes ^ fireball. We are left to 

show that S'" is evaluable, that is given by the 
i.h.. 

d) Substitution, i.e. S' = S'"[y*^w\. 

i) =^. Since S is evaluable, wf is a fireball, and 
S'"is evaluable. Note that either S' 
is empty, and then u = w and the statement 
holds because = 'R' 4 ,is a fireball, or S' = 
S 4 [y-<^w] for some S 4 that is a prefix of S'", 
i.e. s.t. S'" = S 4 {S"u) or S'" = S' 4 («S'"[x^w]). 
Let’s say that S'" = S 4 (S"u). Now, applying 
the i.h. to 

S'4(>S'"u){2/^ui4 = 

we obtain that is 

a fireball. We conclude noting that 

Lemma EH] 

S'" = ^(S'" [x<-!«]), uses the same reasoning). 

ii) By taking $S' := \langle\cdot\rangle$, the hypothesis becomes 
= $w{\downarrow}$ is a fireball. We are left 
to show that $S'''\{y{\leftarrow}w{\downarrow}\}$ is evaluable, that is 
given by the i.h. 

■ 

The following technical lemma is very useful to decompose 
and construct evaluation contexts compositionally. 

Lemma 31. 

1) if S{S') is evaluable then S is evaluable and S'l^ is an 
evaluation context. 

2) if S is evaluable, is an evaluation context and S' 
is without ES then S{S') is evaluable. 

Proof: 

1) By induction on the pair (number of ES in S,S). Cases 
of S: 

a) Empty, i.e. S = (•). The hypothesis becomes that 

S' is evaluable, and so S'f^ = = S'f is 

an evaluation context by Point [T] Clearly (•) is 
evaluable. 

b) Right Application, i.e. S = tS". By i.h., S" 
is evaluable, that implies S evaluable. Moreover, 
S'lg = S'l^g,, = 5"4^„ which is an evaluation 
context by i.h.. 

c) Left Application, i.e. S = S"u. By i.h., S" is evalu¬ 
able. From the hypothesis that S{S') = S"{S')u 
is evaluable it follows that ufis a fireball, and so 
S is evaluable. Moreover, S'f^ = S']^,,^ = S']^,, 
which is an evaluation context by i.h.. 

d) Substitution, i.e. S = S"[x-<^u]. From the hypoth¬ 

esis that S{S') = S'"(S")[a;'!-M] is evaluable it 
follows that w4,is a fireball. Since S'"{a;<-u4,} has 
strictly less ES than S (because it4,has none), the 
i.h. gives that is evaluable, and so S 

is evaluable. Then S'l^ = 

that by i.h. is an evaluation 

context. 

2) We prove that is a fireball whenever S{S') = 

S"{S'"u) or S{S') = S'"(S""[a;^M]), and conclude 
by applying Point ID Now, since S' has no ES, if 
S{S') = then [a;<-u] occurs in S, and 

S" is a prefix of S. We obtain that is a fireball by 
applying Point |2] to S, that is evaluable by hypothesis. 
If S{S') = S"{S"'u) with S" a prefix of S we reason 
similarly. Otherwise, the application S'"u occurs in S', 
i.e. there is a context S '4 s.t. S" = S{S 4 ) and S' = 
S 4 {S'"u). Then we have S']^ = S 4 {S"'u)lg =l[30]6] 

=4, 130111 '“'is <54 )) ’ 

which by hypothesis is an evaluation context. Therefore, 
We conclude with =l[3DI5] 

=lI 30|2I where the last equality follows 
because S'4, being a prefix of S', has no ES and so 
cannot capture the variables in u. ■ 

The next result to be proved is Theorem 8 ($(\to_f, \multimap_{uf})$ 
is a locally bounded high-level implementation system). We 
follow closely the same approach used for the Explicit FBC 
in Appendix B and Appendix C: first we define proper terms 
and the invariants of reduction; then we characterize normal 
forms; finally we prove projection and we obtain the theorem 
as a corollary. 

Definition 10 (Proper Term). A term t is proper if 

1) Evaluability: $t = S\langle u\rangle$ with $S$ evaluable and $u$ a $\lambda$-term 
(without ES); 

2) Value: no value in $t$ contains ES. 

For instance, a proper term cannot have redexes inside 
ES. 

Note that initial terms are proper and so the next lemma 
applies in particular when the starting term is initial. 

Lemma 32 (Proper Invariant). Let $t$ be a proper and closed 
term. If $t \multimap_{uf}^* u$ then $u$ is proper and closed. 

Proof: by induction on the length k of the derivation 
t u. The base case is trivial. For the step case, assume 
t w ^uf u. By i.h. w is proper and closed. We 

distinguish two cases: 

1) Case w = S{L{lx.r)q) S{L{r[x^q\)) = u where 
S{Lq) is evaluable and applicative: 

u is closed because w is. All values in u are values in the 
proper term w, and therefore they have no ES. Moreover 
r is a sub-term of a value of w, and therefore has no ES. 
Since S{Lq) is evaluable, qf^ is a fireball by Lemma l4l^ 
and S and S (L) are evaluable by Lemma [3 1111 Therefore 
S'(L((-)[x<-g])) is evaluable too by the other direction 
of Lemma @ 12 ] and the evaluability of S{L). Therefore 
u is proper. 

2) Case 

w = 5'(5''(x)[x<-L(u)]) ^ue S{L{S'{v)[x<^v])) = u 
where S'(S"[x<-L(t;)]) is evaluable and applicative and 

^ 4 ( l > = ^y-p- 

u is closed because w is. All values in u are values in 
the proper term w, and therefore they have no ES. In 
particular, v has no ES. Thus u is proper. ■ 

Lemma 33 (Normal Form Characterization). Let $t = S\langle u\rangle$ be 
a proper and closed term s.t. $u$ is $\multimap_{uf}$-normal and $S$ is evaluable. Then 

1) either is a fireball, 

2) or -^i, more precisely exists S' s.t. 

a) u = S'(x) with 

b) X G fv(u), 

c) S{S') evaluable, 

d) = Ay.iu, and 

e) S' is applicative. 

Proof: first of all, let us show that the conditions on S' 
imply ufg —?>f. We have: 

=L[-Tnmi 

^cfcL l31lll 

=b&.Lmm 

=d 

F{Xy.w) 


and F := S"4^ is applicative, by c and L I30I4I Then note 
that Point 1 and Point 2 are mutually exclusive. Indeed, by 
Lemma[T5] an unfolded term which is a fireball is $\to_f$-normal. 
So, if Point 1 holds then Point 2 does not, and vice-versa. 
Therefore, in the following proof we only have to prove 
that Point 1 or Point 2 holds. 

By induction on u. Cases; 

1) Variable x. Since t is proper and closed, is a fireball. 

2) Symbol and Abstraction. Note that by properness, the 
abstraction is an ordinary $\lambda$-term, i.e. it does not contain 
ES. Then in both cases we can apply Lemma 19 
obtaining that is a fireball. 

3) Application u = wr. Since S{w{-)) is an evaluable 
context, we can apply the i.h. to r, ending in one of 
the following two cases: 

a) 1 -^ is a fireball. Then S{{-)r) is an evaluable 
context and we can apply the i.h. to w obtaining 
two cases: 

i) w.lg is a fireball. Two kinds of fireball; 

* ^ inert A. Then is 

a inert, i.e. a fireball. 

* )r) abstraction Xy.q. Then 

reduces, indeed = 

{Xy.q)r\g ^f. In terms of contexts, note 

that $w$ is not itself an abstraction, otherwise 
$u$ would be a $\multimap_{um}$-redex, i.e. $w$ has the 
form $L\langle x\rangle$. Moreover, $L$ does not capture 
$x$, otherwise $u = wr = L\langle y\rangle r$ would have 
a $\multimap_{ue}$-redex (because $t$ is proper and so 
the substitution on $x$ in $L$ can fire). Then 
$x \in fv(w)$ (and so $x \in fv(u)$) and $S' := Lr$ 
satisfies points a, b, d, e of the statement. For 
c, we only have to show that the content of 
every substitution in L unfolds to a fireball 
in its context (by Lemma I4l21i . Note that, 
since t is proper, there is an evaluable context 
containing all the ES in t, i.e. the content of 
every substitution in t unfolds in its context 
to a fireball. 

ii) reduces, i.e. —:>f. We have = 

because is a 
fireball and so (•)r4 ™ evaluation context. 

In terms of contexts, set S' := S"r, where S" 
is the context given by the i.h.. It is easily seen 
that S' satisfies the statement. 

b) r^ reduces, i.e. —j-f. We have = 

because an evaluation 

context. In terms of contexts, set S' := wS", where 
S" is the context given by the i.h.. It is easily seen 
that S' satisfies the statement. 

4) Substitution u = w[x^r]. 5'((')[a;<-r])4,is an evaluation 
context and we can apply the i.h. to w. Note that 

since =l| 30I6|^[3^^^]4 = ^^4’ ‘^^se 

reduces to the i.h.. In terms of contexts (for Point |2|, 
note that the context S" given by the i.h. cannot expose 


an occurrence of x, otherwise there would be a ^ue- 
redex in u (because t is proper and so r has the form 
L{v)). Thus, the context S' := S"[x^r] is easily seen 
to satisfy the statement (inheriting the properties of S"). 

■ 

Corollary 6 (Normal Forms Unfold to Normal Forms). Let $t$ 
be a closed proper term. If $t$ is $\multimap_{uf}$-normal then $t{\downarrow}$ is 
$\to_f$-normal. 

Proof: note that applying Lemma with $S := \langle\cdot\rangle$ and 
$u := t$ one obtains that $t{\downarrow}$ is a fireball, because the second case 
cannot happen, given that $u$ now is closed and so it cannot be 
written as $u = S'\langle x\rangle$ with $x \in fv(u)$. By Lemma [TSl $t{\downarrow}$ is 
$\to_f$-normal. ■ 

To prove the projection lemma we need to prove first as 
a technical lemma another sufficient condition for a context 
to be evaluable. The condition is based on the definition of 
position of a redex. 

The position of a redex is (the context S exposing) the 
application that makes applicative the evaluable context in the 
side condition. For a -redex, it is given by S, while for 
a —Oue-redex one needs to do a case analysis, because the 
application may lie in S or in S'. Note that such a notion of 
position for —o^e-redexes is different with respect to the one 
used in Subsect. IB-AI 

Lemma 34. If S (t) has a redex having its position in t then 
S is evaluable. 

Proof: then the position of the redex has the form 
S{S') for some context S'. By the hypothesis on redexes 
and Lemma r3 1 1 1 1 S{S') is evaluable. By Lemma r31lll S is 
evaluable. ■ 

Lemma 35 (Projection). Let t = S{u) —Oni S'{w) = r by 
reducing a redex whose position lies in u. If the redex is 

1) Multiplicative.- then u>4^, and rfi- 

2) Exponential.- then —>-f and tf= rj,—^-f. 

In both cases is not a fireball. 

Proof: the fact that in both cases is not a fireball, 
follows from Lemma [TSl and the fact that ufg reduces. Cases: 

1) Multiplicative. Note that in this case S' = S. Then 
tf -G± rf follows from ufg -Gf By Lemma [3j 

S is evaluable, and by Lemma 141II Sf is an evaluation 
context, so: 

4 

'S'4U =L [3ni6i 

Siiwis,) =L[Hnmi 

S{w)l 

rf 

We now show ufg Since the redex lies in u, 

we have u = S'{L{Xx.w)r) and t = S{S'{L{Xx.w)r)) 
with S{S'{{-)r)), and thus S{S'), evaluable. Moreover, 
by = ri^^g') is a fireball 

and S'^ is an evaluation context. Then 

'^is 

S'{L{Xx.w)r)lg 
S%{{L{Xx.w)r)ig^g,^) 

S%{L{Xx.w)l^^g,^rl^^g,^) 

*5'% {^x.wlg^g, ^2,)) ’'4s(s/)) 


5"4g {wlgf^g ,}) 

S'lsHx^r]l^(^S'{L))) 

S%{L{w[x^r])l^^g,^) 

S'{L{w[x^r]))lg 

wig 

2) Exponential. We take $t{\downarrow} = r{\downarrow}$ for granted, because 
a substitution step by definition does not change the 
unfolding. Similarly to the previous case, fj,—follows 
from uig Indeed, by Lemma [31111 S is evaluable, 
and by Lemma 1411 1 Si is an evaluation context, so: 

4 = S{u)i=g^^Si{uig) 

Now we prove itj, —^-f. We have u = S'{L{x)r) and 
t = S{S'{L{x)r)). In t there is somewhere (in L, S', or 
S) a substitution [x^L'{q)] with the hypothesis that q 
relatively unfolds to some value Xy.w in its context. So, 
~ ^y-w. Moreover, by hypothesis S{S') is 
evaluable, and so by Lemma I31I1I S'ig is an evaluation 
context. Finally, is a fireball, because S{S'{{-)r)) 

is evaluable. Then 


= (Lemma I30I6I) 

= (Lemma I30I11 I 

= (Lemma I30I6I ) 

= (Lemma 13011b 

— (S'ig is an ev. 
cont. & rig^g,^ 
is a fireball) 

= (Lemma 13011b 

= (Lemma 13011b 

= (Lemma 13016b 

= (Lemma 13016b 


be a fireball, while by (properness and) Lemma [19] 
it does. Nor S 2 can lie in q, otherwise again 
by Lemma qig would not be a fireball. Then 
necessarily S 2 = Si = {■). 

b) Exponential Redex, i.e. u = S'{L{x)r). Now, 
S 2 cannot lie in L{x), otherwise by Lemma 
^(^)-ls{S 2 ) ^ fireball, while by the 

hypothesis on the —o^g-redex it does (it is an 
abstraction). Nor S 2 can lie in r, otherwise again 
by Lemma rig would not be a fireball, while 
by the hypothesis on the —o^e-redex it does. Then 
necessarily S 2 = Si = {■). 

2) Right Application Si = rS'i and t = rS'i{q). By 
Lemma iTSl S'i{q)ig^^^ has a -redex and it is not a 
fireball, so no redexes can lie to its left, in particular S 2 
does not lie in r. By Lemma [T5l S'i{q)ig^^, is not a 
fireball, and so S 2 cannot be empty (i.e. rS{ (q) cannot 
be the position of a -redex). Then, S 2 = uS' 2 , and 
the statement follows from the i.h. applied to and S' 2 . 

3) Left Application = S'^q and t = S'i{r)q. Note that 

S 2 cannot lie in q, otherwise by Lemma (TSl g ^ 

has a —J’f-redex and it is not a fireball, and so no 
redexes—in particular the one of position S{Si) —can 
lie to its left, absurd. And S 2 cannot be empty (i.e. the 
position of a ^u^-redex), because then S'i{r) would 
have the form L{Xx.p), which by Lemma cannot 
contain the position of a redex, because by Lemma [T^ 

is a fireball. Then, S 2 = and the 
statement follows from the i.h. applied to S'J and S' 2 . 

4) Substitution Si = S'[[a;<-u>]. Then necessarily S 2 = 
S' 2 [a;<-w] (remember the position of a -redex is an 
application) and the statement follows from the i.h.. ■ 


S'{L{x)r)ig 

S'ig{{L{x)r)ig^g„^) 

S ig{L{x)igf^g,^rig^g,,^) 
S'lg{xig(g>(L))'''ig(g')) 

S'ig{{>^y-w)rig^g„^) 

S'ig{w[y^rig^g,.^]) 


= (Lemma 13016b 

= (Lemma 13011b 

= (Lemma 13016b 

= (^is{s'(L)) = 

-^1 (S'ig is an ev. cont. 

& rig^g,^ a fireball) 


Determinism of —is the last ingredient to prove that (— 

, ^uf) is a locally bounded high-level implementation system. 

Lemma 36 (Determinism). Let t be a term and S{Si) and 
S{S 2 ) positions of ^^.f-redexes. Then Si = S' 2 . 

Proof: by induction on Si. Cases: 

1) Empty Si = {•). Cases: 

a) Multiplicative Redex, i.e. u = L{Xx.r)q with 
qig a fireball. Now, S 2 cannot lie in L{Xx.r), 
otherwise by LemmalTSl L(Aa:.r) would not 


Proof of Theorem 8 (page 11) 

Proof: the pair is a high-level implementation 
system because of Lemmal^ Lemma (TSl and Corollary 6. 

We deduce that the implementation system is locally 
bounded from the corresponding bound (Lemma 1515b on the 
abstract machine that implements the calculus. An alternative, 
direct proof without any reference to abstract machines is 
surely possible, but we would need to establish first additional 
invariants on the ES that occur in the term. Intuitively, anyway, 
the local bound follows mainly from acyclicity of the explicit 
substitutions and the fact that only multiplicative steps can 
create a new ES, while exponential steps never duplicate terms 
containing ES. ■ 

Proof of Proposition 4 (page 11) 

Proof: omitted. All postponement proofs are similar and 
lengthy. In Subsect. [B-Bl of the Appendix we proved the lemma 
for the Explicit FBC. Other examples can be found in the long 
version of El. ■ 
A. Proofs Omitted From Sect. \XI1\ 

(The GLAMoUr Machine) 

The aim of this section is to prove Theorem |9] 
{{GLAMoUr, is a reflective explicit distillery) 

and Theorem 10 (the useful implementation has bilinear low 
level and quadratic high level complexity). We start by proving 
that the invariants of the machine hold. 

Lemma 37 (Contextual Decoding). ^ is a substitution con¬ 
text; ID. and tt are shallow contexts without ES. 

Proof: by induction on E, D and tt. ■ 

Proof of Lemma 5 (page 12) 

Proof: by induction over the length of the execution. The 
base case holds because t is initial. The inductive step is by 
cases over the kind of transition. All the verifications are trivial 
apart for Point |4] For Point ID evaluability for ttJ,^ 

follows from Point |3] and Lemma 14121 while evaluability for 
follows from them and Lemma l4l^ ■ 


• Case {D : {t,Tr),a,Tr',E) {D,t, {a,Tr')^ : tt,E): 

(D : (f,TT),a,TT',E) = 

{ D : {t,-K) {{a)]f_))E = 

{D{{t{a)Tf_)Tf))E 
{D{{t) {a,TT')^ : n ))E = 

{D,t, (a, 7 r')^ : -k,E) 

. Case [D : (f,'iT),x,'K',Ei[x‘^(j)-^\E2) 

{D,t, {x,tt')^ : tt,Ei[x^(I)^]E 2 ): 

{D : {t,TT),x,Tr',Ei[x^(j)^]E 2 ) = 

{D,t, {x,tt')^ : 

The proof is the one for the previous case by 

replacing a with x and instantiating E with Ei 

• Case {D : (f, tt), x, e, i?i [x<-«'"]S2) "^05 {D,t,x'’ : 
tt,Ei [x<-u^]i?2): 

{D : {t,TT),x,e,Ei[x^u"]E 2 ) = 

{D,t,x'’ : IT, Ei[x<^iE]E2) 


Lemma 38 (Explicit Distillation). Let s be a reachable state. 
Then: 

1) Commutative.- if s 2345 s=^- 

2) Multiplicative.- if s s' then s —Oum= s^' 

3) Exponential.- if s -^ue s' then s sf 


Proof: we list the transition in the order they appear in 
the definition of the machine. 

• Case {D,tu,TT,E) {L> : (f, tt), u, e, £’): 

{D,tu,'K,E) = 

{D{{tu)Ti))E 

{D{{m)lL))E 


{D{{lx.t)f^))E 

\D_{{{lxd.)(QT^)E 

{D{(f[x^£)Tl))E 
{D{{tjTf)[x^(j)\)E 
{D{{t)Tl)) [x^4'^]E 
{D,t,Tr, [x^f^jE) 


{D 


t^){u))E 

{D 

{t, 

T^){{u)e))E = 

{D 

(.t, 

TT),u,e,E) 

: TT 

,E) 

-^um {D,t,Tr, [x^(l)‘]E) 

^■.TT 

,E) 

= 


(by Lemma l5]4l 
and Lemma [ 
(by Lemma [ 


• Case {D : {t, tt),Ix.u, e, E) ~'+c 2 {D, t, {Ix.u)" : tt,E) : 


(D 

{t, tt), lx.u, e, E) 

{D 

{t, 7r)((Zx.u)e))^ 

{D 

{t, Tr){lx.u))^ 


{ID{{t{lx.u))Ti))^ = 

{ID{(f){lx.u)'' : tt))E_ = 
{D,t, {lx.uY : TT, E) 


The proof is the one for the previous case by replac¬ 
ing {lx.u) with X and instantiating E with Ei[x<-TU]E 2 . 
• Case {D,x,(jf : t:, Ei[x‘^v"]E 2 ) ~->oes {L>,v°', Y : 
Tr,Ei [x^v'']E2): 

{D,x,(l)’‘ : Tr,Ei[x<^v'"]E2) = 

■'^))Ei[x^v'"]E 2 ^ue (by Lemma 15 141 

and Lemma l5l3T l 

{D{{ir)Y ■.tt))Ei[x^vYE2 = 

{D,v'^,Y ■.7r,Ei[x^jU]E2) 


The next lemma extends the notion of state size |s| given 
in Definition |9] by ignoring the new machine component E. 
The precise definition is Definition | 6 ] 

Lemma 39 (Determinism). The transition relation of the 
GLAMoUr is deterministic. 

Proof: a simple inspection of the transitions shows no 
critical pairs. ■ 

Lemma 40 (Progress). If s is reachable, nfc(s) = s and 
s —Ox t with X C {urn, ue}, then there exists s' such that 
s -^x s', i.e., s is not final. 

Proof: by Lemma and Lemma it is sufficient to 
show that every reachable stuck state decodes to a normal 
form. The only stuck forms are: 

• Error states. The state can only be $(D, x, \pi, E)$ where $x$ 
is not defined in E or it is defined to be a t" where t is 
not a variable or a value. 

The state is not reachable because it would violate either 
the invariant in Lemma ISTTI or the invariant in Lemma 151^ 
• Final states. Cases: 

1) The result is/unfolds to a value. The state is 
(e, f, e, E) with t an abstraction or a variable bound 
in to a (/)". By Lemma [JTl {e,t,e,E) = (t)^ = 
L{t) for some L. Note that L(t)_l= is a fireball, 
indeed if t is an abstraction it is given by Lemma [T^ 
and if it is a variable it is given by Lemma lSlSl Thus 
by Lemma [T5l L{t) is normal. 

2) The result is/unfolds to a inert. The state is 
{e,t,TT,E) with t a symbol a or a variable bound 
in E to a 

By Lemma ITtI (e,t,Tr,E) = ((t)7r)^ = L{{t)Tr) 
for some L. Note that L{t)_l = is a fireball, 
indeed if t is a symbol it is given by Lemma [19] and 
if it is a variable it is given by Lemma I5I3I Moreover, 
by Lemma ttJ,^ has the form (•)/!... /„. 
Thus, by Lemma l30lll and the definition of fireballs, 
(i)TLlj^ is a fireball too. Therefore by Lemma 
L{{t)]r} is normal. ■ 

Proof of Theorem 9 (page 12) 

Proof: the theorem follows from Lemma Lemma 
and Lemma |40| ■ 

Proof of Theorem 10 (page 12) 

Proof: the proof follows from Theorem 3 applied to 
Theorem 8 and Theorem 6 applied to Theorem 9 and Corollary 
(Tj. Bi-linearity of the machine requires showing that the 
commutative steps are implementable in constant time, while 
the principal ones in time $O(|t|)$. The machine is meant 
to be implemented using a representation of codes using 
pointers, in particular for variables, so that the environment 
can be accessed in constant time. Assuming this, all rules 
except the exponential one evidently take constant time on 
a RAM machine, because they amount to moving pointers. 
The exponential rule requires $O(|t|)$ because it copies and 
$\alpha$-renames a value $v$. Both these operations take time $O(|v|)$. The 
value invariant (Lemma I5l2b guarantees $|v| < |t|$. Additional 
considerations on the cost of similar rules can be found in 
03 (page 9 and 11, paragraphs Abstract Considerations on 
Concrete Implementations). ■ 

Appendix H 

Proofs Omitted From Sect. IXIIH 
(Optimising Useful Reduction: 
Unchaining FBC and the Unchaining GLAMoUr) 

We prove Lemma 42 first: then we address Theorem 12 
($(\to_f, \multimap_{of})$ is a globally bounded high-level implementation 
system) and Proposition 5 ($\equiv$ is a Strong Bisimulation). 

For chain-starting contexts C^, we need to prove that their 
hole is indeed the left end of the chain, with the help of a 
preliminary lemma. 

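Lemma 41. Let $I\langle x\rangle$ s.t. $I$ does not capture $x$. Then $I\langle x\rangle{\downarrow} = x$. 

Proof: by induction on $I$. Cases: 

1) Base $I = \langle\cdot\rangle$. Then $I\langle x\rangle{\downarrow} = x{\downarrow} = x$. 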


2) Inductive I = I{y)[y-<^I']. Then 

/(a:)4.= I{y)[y^I'{x)]i = I{y)l{y^l'{x)i} =i.h. 
y{y^i'{x)\f =i.h. y{y‘^x} = x 

3) Closure I = /[?/<-(]. Then 

l{x)[y^t]i= =i-h. x{y^t\f = x 

■ 

Lemma 42. Let C{x) s.t. C does not capture x. Then there 
exists y s.t. C{x) = C^{y) and yf^„ = x. 

Proof: by induction on C. Cases: 

1) Base, i.e. C = S{y)[y^I]. Then 

C{x) = S{y)[y^I{x)] = S'{y)[y^lY {y) 

Now, y]^^ = = I{x)i=^^x 

2) Inductive, i.e. C = C'\z)[z<^I]. Then 

C{x) 

(^{z)[z^I{x)\ =i,h. 

P^y)[z^I {x)] = 

C'{z)[z^If{y) 

Now, 

=i-h. 

z{z^l{x)]} = I{x)i=L^x 

3) Closure, i.e. C = S'{C'). Then 

C{x) = S'{C'{x)) =,,, S'id^iy)) = P(cr{y) 

Now, 

y-lfjx — ~th. ^ 

because C, and thus S', does not capture x. ■ 

Proof of Lemma 7 (page 13) 

Proof: by induction over the length of the derivation. A 
simple inspection of the rewriting rules shows that all values 
in the result of a reduction step are copies of values in the 
term being reduced. ■ 

Proof of Lemma 8 (page 13) 

Proof: using the sub-term property (Lemma 7). ■ 

From now on we follow closely the same approach used 
for the Explicit FBC (Appendix B and Appendix O) and the 
Useful FBC (Appendix G), without the need to define proper 
terms first: we start characterizing normal forms; then we 
prove projection and we obtain Theorem 12 ((—>^f, ^of) is 
a globally bounded high-level implementation system) as a 
corollary. 

Lemma 43 (Normal Form Characterization). Let t = S{u) be 
a proper term s.t. u is -Oof-normal and S is evaluable. 

1) either is a fireball, 

2) or —5>f, more precisely exists S' s.t. 

a) u = S'(x) with 

b) = y, 

c) y ∈ fv(M), 

d) S{S') evaluable, 

e) ylg = ^y-w, and 

f) S' is applicative. 

Moreover, the context S' in Point 2 is unique. 

Proof: first of all, let us show that conditions 2.a-f imply 
ufg Indeed, 

ulg =a 

^ ^ ~c&:L |3016] 

F{xis(S')^ =6 

F{yis) 

F{Xy.w) 

and F := is applicative, by d and L I30I4I 

Now, we show that 1 and 2 are mutually exclusive. By 
Lemma 15 an unfolded term which is a fireball is ^f-normal. 
Then if 1 holds then 2 does not, and if 2 holds 1 does not. 
Therefore, in the following proof we only prove that 1 or 2 
holds. 

By induction on u. Cases: 

1) Variable x. Since t is proper, ulg is a fireball. 

2) Symbol and Abstraction. Note that by properness, the 
abstraction is an ordinary λ-term, i.e. it does not contain 
ES. Then in both cases we can apply Lemma 19, 
obtaining that is a fireball. 

3) Application u = wr. Since r is normal and S{w{-)) is 
an evaluable context, we can apply the i.h. to r, ending 
in one of the following two cases: 

a) 1 holds for r. Then S{{-)r) is an evaluable context 
and we can apply the i.h. to w and obtain two 
cases: 

i) 1 holds for w. Two cases: 

A) = A. Then ufg is an inert, i.e. a 
fireball. 

B) = λy.q. Note that w cannot be 
itself an abstraction, otherwise u would not 
be normal. Then w = L{y). Now, yfj^ cannot 
be an abstraction, otherwise—again—u 
would not be normal. Then yfj^ = x for 
some x ∈ fv(w) (possibly x = y). Note 
that S' := Lr is applicative and satisfies 
the other points of 2. For c, in particular, we 
only have to show that the content of every 
substitution in L unfolds to a fireball in its 
context (by Lemma i4m . Note that, since 
t is proper, there is an evaluable context 
containing all the ES in t, i.e. the content of 
every substitution in t unfolds in its context 
to a fireball. 


ii) 2 holds for w. Then 2 holds for u by taking 
S' := S"r where S" is the context given by the 
i.h., as all the conditions for S' follow from 
those for S". Unicity follows from the i.h. and 
the fact that no other such context can have its 
hole in r, because 2 does not hold for it. 

b) 2 holds for r. Then 2 holds for u by taking S' := 
wS" where S" is the context given by the i.h., as 
all the conditions for S' follow from those for S". 
Unicity follows from the i.h. and the fact that no 
other such context can have its hole in w, because 
1 does not hold for r. 

4) Substitution u = w[z<^r]. Then *S'((-)[2:<-r])4, is an 
evaluation context and we can apply the i.h. to w. Two 
cases: 

a) 1 holds for w. Note that since 

=L|3Dini 

1 holds for u. 

b) 2 holds for w. Let y ∈ fv(w) be the variable and 
S' be the context given by the i.h. Then we have 
two cases: 

i) y = z. Necessarily, r has the form L{x') with 
x'fj^ = y', otherwise u would not be —Ouf-normal. 
Taking S" := S'[z<-r] it is easily seen 
that 2 holds for u with respect to x and y'. 
Unicity follows from the i.h. 

ii) y ≠ z. Taking S" := S"[z<-r] it is easily seen 
that 2 holds for u with respect to x and y. 
Unicity follows from the i.h. ■ 

Corollary 7 (Normal Forms Unfold to Normal Forms). Let t 
be a closed proper term. If t is -Oot-normal then tf is — 
normal. 

Proof: note that taking S := (•) and u := t and applying 
Lemma |4^ one obtains that tf is a fireball, because the second 
case cannot happen, given that u now is closed. By Lemma 15 
tf is -normal. ■ 

To prove the projection lemma we first need to prove, as 
a technical lemma, another sufficient condition for a context 
to be evaluable. The condition is based on the definition of 
position of a redex. 

The position of a ^om-redex is S. The position of ^oec 
and —Ooes redexes is the application that makes applicative 
the evaluable context in the side condition. Note that the 
position of a redex is always a context exposing an application 
constructor. 

Lemma 44 (Projection). Let t = S{u) —Oot S'{w) = r by 
reducing a redex whose position lies in u. If the redex is 

1) Multiplicative.- then and 

2) Shallow or Chain Exponential.- then and tf = 

rl^f. 

In both cases is not a fireball. 

Proof: the fact that in both cases is not a fireball, 
follows from Lemma 15 and the fact that ufg reduces. Cases: 

1) Multiplicative. Exactly as in the proof of Lemma [L5] 

2) Exponential. We take tf = rf for granted, because 
a substitution step by definition does not change the 
unfolding. Similarly to the previous case, fj,—follows 
from ufg -^f. Indeed, by Lemma [31111 S is evaluable, 
and by Lemma 1411 1 Sf is an evaluation context, so: 


4 = S{u)i=^^^Si{ulg) 


Now we prove uf -^t. We have u = S'{L{x)r) 
and t = S{S'(L{x)r)). Let us show that for both 
exponential redexes x unfolds to an abstraction. In t 
there is somewhere (in L, S', or S) a substitution [x<^q\. 
Now, if q = L'{v) then we have a ^oes-redex (because 
v is an abstraction). If instead q = L'{y) then we have 
a ^oec-redex and t can also be written as S"{C{y)[y-<^L"(v)]) 
with C{y) = C^{x), xf^^ = y (by Lemma 42), and 
s.t. the two contexts S{S'{Lr)) and S"{^y[y->^L"(v)]) 
coincide. Then 

^■^(S'iLr)) = 

= (LemmaEOB) 


xi^y{y^L"{v)\^lg„ = {xi^^=y) 

y{y^L"{v)]}lf,„ = (L"(u)4,is an abst.) 

y{y^v'}ig„ 

v'\^„ = (u'^„ is an abst.) 

v" 

Summing up, = λy.w. Moreover, by hypothesis 
S{S') is evaluable, and so by Lemma [31111 S' |^ 
is an evaluation context. Finally, is a fireball, 
because S{S'{{-)r)) is evaluable. Then 


b) Exponential Redex, i.e. u = S'{L{x)r). Now, 
S 2 cannot lie in L{x), otherwise by Lemma 
^i^)is{S 2 ) ^ fireball, while by the 

hypothesis on the ^g-redex it does (it is an 
abstraction). Nor S 2 can lie in r, otherwise again 
by Lemma would not be a fireball, while 

by the hypothesis on the -redex it does. Then 
necessarily S 2 = Si = {■). 

2) Right Application Si = rS'^ and t — rS'i{q). By 

Lemma iTSl has a —^-f-redex and it is not a 

fireball, so no redexes can lie to its left, in particular S 2 
does not lie in r. By Lemma^ 
fireball, and so S 2 cannot be empty {i.e. rS[ (q) cannot 
be the position of a —o„-redex). Then, S 2 = uS' 2 , and 
the statement follows from the i.h. applied to and S' 2 . 

3) Left Application = S'^q and t = S'i{r)q. Note that 
S 2 cannot lie in q, otherwise by Lemma 35 w 
has a —^f-redex and it is not a fireball, and so no 
redexes—in particular the one of position S{Si) —can 
lie to its left, absurd. And S '2 cannot be empty (i.e. 
the position of a ^m-redex), because then S( (r) would 
have the form L{\x.p), which by Lemma cannot 
contain the position of a redex, because by Lemma 19 
L{Aa;.p)4g.^^ is a fireball. Then, S 2 = S 2 W, and the 
statement follows from the i.h. applied to S^ and S' 2 . 

4) Substitution Si = SJ[a:<-r(;]. Then necessarily S 2 = 
S 2 [a;<-w] (remember the position of a ^g-redex is an 
application) and the statement follows from the i.h.. ■ 

Note that we did not yet prove determinism, as two redexes 
may a priori have the same position. 

Lemma 46 (Redexes Have Different Positions). Any two ^of 
redexes in a term t have different positions. 


“4 

S'{L{x)r)ig 
S'4((L(a:4)4^g,)) 
S'4^ ) 

4is(5'(L))’’-ls(S')) 

S'ls{{>^y-w)rlg^g,^) 

S'ls{w[y^r_l^^g,.^]) 


= (Lemma 13016b 

= (Lemma 13011b 

= (Lemma 13016b 

= 

(S'fg is an ev. cont. 
& 4s(s'> ^ fireball) 


Lemma 45 (Positional Determinism). Let t be a term and 
S{Si) and S{S 2 ) positions of ^ot-redexes. Then Si = S 2 . 

Proof: by induction on Si. Cases: 

1) Empty Si = (•). Cases: 

a) Multiplicative Redex, i.e. u = L{Xx.r)q with qf^ 
a fireball. Now, S 2 cannot lie in L{Xx.r), otherwise 
by Lemma 15 L(Aa:. r)j^ ^^^.^ would not be a 
fireball, while by Lemma 19 it does. Nor S 2 can 
lie in q, otherwise again by Lemma qfg would 
not be a fireball. Then necessarily S 2 = Si = (•). 


Proof: It is obvious that different multiplicative redexes 
have different positions, and that multiplicative and exponential 
redexes cannot have the same position. Now consider an 
exponential position S{L{x)f) and let be the substitution 
on x lying somewhere in S or L. If t has the form L' {v) 
then there is a ^oes redex, and obviously there cannot be 
other ^oes or —^oec redex with the same position. If instead 
t has the form L'{y) then we start following the chain of 
substitutions leading to the abstraction. Note that there is no 
choice about the chain, so there can only be one ^oec-redex 
with that position. ■ 

Corollary 8 (Determinism). ^of is deterministic. 

Proof: it follows from Lemma 45 and Lemma 46. ■ 

Proof of Theorem 12 (page 13) 

Proof: the pair is a high-level implementation 
system because of Lemma 45, Lemma 44 and Corollary |2l. 
It is also globally bounded because we already proved the 
global linear bound on exponential steps (Theorem [TTb. ■ 

Proof of Proposition 5 (page 13) 

Proof: omitted. All postponement proofs are similar and 
lengthy. In Subsect. [B-Bl of the Appendix we proved the lemma 
for the Explicit FBC. Other examples can be found in the long 
version of flSl . ■ 

Appendix I 

Proofs Omitted From Sect. XIV 
(Unchaining GLAMoUr) 

The aim of this section is to prove Theorem 13 
((Unchaining GLAMoUr, ^of) =)_l) is a reflective explicit 
distillery) and the final result of the paper, Theorem 14 (the 
useful implementation has bilinear low level and bilinear high 
level complexity). 

We follow closely the methodology of Appendix IXIII. The 
first step is proving that the invariants of the machine hold. 


_ = 

Ls{\D{{y)2L))myH-)r) = 

Ls{{D{n))^[y^x]) = 

{{D{n))^[y^x])^ = 

{D{lL)) Ei[y^x-]E2 

{d{il))e 

Ss 

• Non-empty, i.e. H = H' : z. By Lemma II1161 we 
have E = Ei[z^y'"]E 2 [y<^x'"]E 3 and S := {I2.{tl))E, 
so that s = {Ifiiy^ ''^'''^)ll))E_ = S{y^ Note 
that by Remark [T] we can apply the i.h. to the state 
s' = {D,H' : z,y^'K,E), and we will do it in the 
following points. 

Now, 

1 ) Lg = E 3 and for Cg, note that we have 


Lemma 47. = x^ 

Proof: by induction over iJ. ■ 

Lemma 48 (Contextual Decoding). ^ is a substitution con¬ 
text; ID, and tt are shallow contexts without ES. 

Proof: by induction over E, D and tt. ■ 

Remark 1. If H : x is compatible with E, then also El is 
compatible with E. 

Proof of Lemma 11 (page 14) 

Proof: by induction over the length of the execution. The 
base case holds because t is initial. The inductive step is 
by cases over the kind of transition. All the verifications are 
trivial. Point 4 is proved as in the useful case (see Lemma 5, 
page O). ■ 

Proof of Lemma 12 (page 14) 

Proof: the first point is trivial, we prove the other two. 
By induction on the length k of H. Cases: 

• H is empty, i.e. El = e. By Lemma fl 1161 we have E := 
Ei[y<^x'"]E 2 . Let also S := {I2.{ll))E_. We have s = 
{my^'-^)lL))E = S{y^--y) and 

1) Eg = ^ and Cg = {D{{y)n))^[y<^{-)], that (by 
Lemma 1481) has the form S{y)[y<-I], and so it is a 
chain context, 

2) Now, 

s = 

Ssiy^'-'^) 

{D{{y^'-^)lL))E 

{D{{y)lL))E 

{D{{y) 2 L)) Ei [y^x'']E 2 = 

{{D{{y)TT))^[y^x])^ = 

Ls{{D{{y)TL))^[y^x]) = 

Lg{Cg{x)) 

and 


and that by i.h. Cg' is a chain context. Then 

C = 

my^''-^)2L)) Ei[z^y'’]E2 [yH-)] = 

{my^''-^)2L))mz^y])My^i-)] = 

{Cg'{y))^[y^{-)] 

and so Cg is a chain context. 

2) Note that Eg' = F 2 [y<-a;'“]F 3 , and so 

Lg{Cg{x)) = 

{{C 8 '{y))^[y^x])^ = 
{Cs'{y)) E2[y^x'’]E3 = 

Lg'{Cg'{y)) =i.h. 

s 

Then note that 



\Cg,{y)) ^[y^{-)r = 

{Cg')^y[y^x] 

Now we conclude with 

Lg{hg-) 

08 ^^ 

{ 0 'y)^[y^x])^ = 
{K'y) E2[y^x-]E3 = 

Lg'0y) 

Sg' 

Sg 


Lemma 49 (Unchaining GLAMoUr Distillation). Let s be a 
reachable state. Then: 

1) Commutative.- if s -^d 2345 §. = 

2) Multiplicative.- if s s' then s ^um= s^' 

3) Shallow Exponential.- if s ~-^oes s' then s -Ooes dj 

4) Chain Exponential.- if s -^oec s' then s —Ooec 

Proof: we list the transition in the order they appear in 
the definition of the machine. 

• Case {D,€,tu,Tr,E) [D : {t,TT),€,u,e,E): 

{D,t,tu,TT,E) = 

mWWE 

{D{{tu)n))E 

{D{m)lL))E 


{D 

{t,TT){u))E 

{D 

{t,TT){{u)e))E 

{D 

{t,TT)((u'')£))E 

{D 

{t,TT),e,u,e,E) 


We have 

{D : (C tt), e, x, tt', Ei [x^(t>^]E 2 ) = 

(£>, e,t, (cc,7r')^ : tt, £'i 

The proof is the one for the previous case ~^C 3 , by 
replacing a with x and instantiating E with Ei 
• Case 

{D : (i^,Tr),e,x,e,Ei[x^iE]E2) 

{D,e,t,x'" : TT, 


• Case (O, e, Xx.t, (j)^ : tt, E) -^owl {D, e, t, tt, E[x<^4''‘]): 

{D,e,Xx.t,(j)’' : tt,E) = 

{D.{{XxT)(j)’‘ : tt))^ = 

{D.{{XxI)(j)^ : tt))^ = 

{D.{{(Xx.t)^)Tl))^ ^um 
{D{{t_[x^^])n))E = 

{D{{t)TL)[x^4'])E = 

{D({t)TL))E\x^^ 

{DmiL))E\x^ = 
{D,e,t,TT,E[x^(j)‘^]) 

The multiplicative step is justified by Lemma \m 
and Lemma II1131. The bisimulation step is justified by 
Lemma 24. 

• Case 

{D : {t,TT), e, XxM, e, E) ^C2 iE,e,t, {Xx.uY ■ tt,E) 


We have 

{D : {t,TT),€,x,e,Ei[x^uYE2) = 


{D,e,t,x'’ : TT, Ei[x<^iE\E 2 ) 

The proof is the one for the previous case -^ 04 . by replacing 
{Xx.u) with X and instantiating E with i?i [a;<-u"]ii^ 2 - 
• Case 

{D,e,X,(Y ■■ TT, Ei[x^v'’]E 2 ) --^oes 
{D,e,v^,Y ■T^,Ei[x<^lf]E2) 


We have 

(D,t,x,(Y : TT, Ei[x^lf]E 2 ) 
{D.iixY Y’ '■ 7r )) L;i[x^tJ^]L;2 

{D{{v°^)(Y : 7r))L;i[a;^tr“]L;2 
{D{{v"") <l^^ ■.TT )) EYx^lf]E2 
{D,e,v°',Y ■■ tt,Ei[x^v"]E 2 ) 


^oes (byLUm 


We have 


{D 

(t, tt), e, Xx.u, e, E) 

{D 

{t, tt){{Xx.u'')€))E_ 

{D 

(t, TT){{Xx.u)e))E_ 

{D 

(t, tt){Xx.u))^ 


{D.{{t{Xx.u))TT))^ = 

(D.{(t)iXx.uy '■ tt))^ = 

{D{(i") {Xx.u)~TT ))E = 

{D, e,t, {Xx.uY ■ TT, E) 

• Case 

{D : (t,TT),e,a,TT',E) -^03 {D,e,t,{a,TT')^ : tt,E) 

We have 


(D 

{t,TT),e,a,TT',E) 

{D 

{t,TT){{aATT!_))E 

{D 

{t,TT){{a)TYA)E 


{D{{t{a)TE}K))E 
{D{{t) {a,TT’)^ ■. tt ))E = 
{D{{tY {a,TT')^TT ))E = 

{D,e,t, {a,TT')^ : tt,E) 

• Case 

{D : (YTT),(i,X,TT' ,Ei[x^(I)YE2) ~^C4 
[D, e, t, {x, tt')^ :tt, El [x^4iYE2) 


■ Case 

(D, H, X, (Y : TT, El [x^y'"]E2) 

{D,H : x,y,(Y : tt, Ei[x^y'"]E 2 ) 

{D,H,x,(Y : tt, Ei[x^y'"]E2) = 

{D{{x^) Y ■■ TT )) Ei[x^yYE2 =lW\ 

{D{{y^'-^) <t>' ■^ )) Ei[x^y'’]E2 = 

(D,H : x,y,(Y : tt, Ei[x^y‘"]E 2 ) 

. Case s' ■— {D,El : y,x,(Y : 'x,E') {D,El,y,(Y : 
tt,E°) = s, where E* = Ei[y^x'']E 2 [x<^v'"]E 3 , and 
E° = Ei[y^v°‘'“]E 2 [x^v'']E 3 . Note that we have: 

1) L,,^y = E2 [x^v'']E3 

2 ) Cs',y = m{v^)r --^YEAy^i-)] 

Then, 

iD,H :y,x,Y :tt,EA 
{D{{x^-y)(f)'’ : tt))EY 

{D{{y^)r ■■ ^))EL =i[T2] 

Ls' ,y{Cs' ,y{x)) = 

{C,,^y{x)) E2[x^lE]E3 

{{Es' ,y {x) ) E 2 ) -Zi /3 °oec 

{{Cs',y{v°‘))^[x^v])^ = 

{{{D{{y^) 4>" ■ T^ ))Ei\y^v°-\)E2\x<-v\)E3 = 

{D{{y^)r ■■ ^))E1 

{D,H,y,cA ■.n,E°) 

The chain exponential step is justified because 

1) H : y is compatible with E *, and so we can apply 
LfT2l obtaining Lg'= {D.{4>^ '■ t^))E* 

2) Lemma fl 1 141 guarantees that such a context—which 
is the context in the side-condition of the rule—is 
evaluable. It is also obviously applicative (because 
the stack has the form cj)^ : tt). ■ 

Lemma 50 (Determinism). The transition relation -w of the 
Unchaining GLAMoUr is deterministic. 

Proof: a simple inspection of the reduction rules shows 
no critical pairs. ■ 

Lemma 51 (Progress). If s is reachable, nfc(s) = s and 
s —Ox t with x ∈ {om, oes, oec}, then there exists s' such that 
s s', i.e., s is not final. 

Proof: by Lemma and Lemma 49 it is sufficient to 
show that every reachable stuck state decodes to a normal 
form. The only stuck forms are: 

• Error states. 

1) Problem with the heap. {D,H : y,t, tt, E) when t is 
not a variable bound in E’ to a (jp or tt is empty or 
y is not bound to t in E. The state is not reachable 
because it would violate the invariant Lemma fl 1161 

2) Problem with the environment. The state is 
{D, H, x,TT, E) where x is not defined in E or it 
is defined to be a f where t is not a variable or a 
value. 

The state is not reachable because it would violate 
either the invariant in Lemma II1111 or the invariant 
in Lemma fl 11.31 

• Final states. Cases: 

1) The result is/unfolds to a value. The state is 
{e,e,t,e,E) with t an abstraction or a variable 
bound in E to a By Lemma IT tI (e, e, t, e, E) = 
(f)E = E(f) for some L. Note that L(f)f= is 
a fireball, indeed if t is an abstraction it is given 
by Lemma 19 and if it is a variable it is given by 
Lemma fl 1131 Thus by Lemma 04] L(f) is normal. 

2) The result is/unfolds to an inert. The state is 
(e, e,t, TT, E) with t a symbol a or a variable bound 
in E to a 

By Lemma [JTI (e, e,f, tt, E) = ((f)7r)E = L{(t)Tr) 
for some L. Note that L{t)f = is a fireball, 
indeed if t is a symbol it is given by Lemma 19 
and if it is a variable it is given by Lemma II1131 
Thus by Lemma 44 L(f) is normal. ■ 

Proof of Theorem 13 (page 14) 

Proof: the theorem follows from Lemma 49, Lemma 50 
and Lemma 51. ■ 


In the remainder of the appendix we prove bilinearity of 
We begin redoing the proof for ^-> 012345 ’ that is almost 
identical to that of the GLAMoUr. 

Lemma 52 (Size Bounded). Let s = (E, u, tt, E) be a state 
reached by an execution p of initial code t. Then |s| < (1 + 

|p|oes)|f| ~ |p|ci_ 5 - 

Proof: the same reasoning as for the useful case 
(Lemmajbj) provides the proof for , ^oes, ~^ci 2345 ’ while 
for the new transitions ~^C 6 and -^oec it is enough to note that 
they do not change the size of the state. ■ 

Corollary 9 (Termination and Bilinearity of 2345 )- 
s be a state reached by an execution p of initial code t. Then 
|p|ci _5 < (1 + |p|e)|f| = 0{\p\p ■ |f|). In particular, -> 01 , 2 , 3 . 4,5 
terminates. 

Proof of Corollary 3 (page 15) 

Proof: combining Corollary 9 with Lemma 13. ■ 

Proof of Theorem 14 (page 15) 

Proof: the proof follows from Theorem 3 applied to 
Theorem 12 and Theorem 6 applied to Theorem 13 and 
Corollary 3. For the implementability of the steps we refer 
to the proof of Theorem 10. ■ 


A. Proofs Omitted From Subsect. XIV-A 
(Bilinearity: Principal vs Commutative Analysis) 